|Publication number||USRE42382 E1|
|Application number||US 12/860,612|
|Publication date||May 17, 2011|
|Filing date||Aug 20, 2010|
|Priority date||Jul 24, 2004|
|Also published as||US7480931, US20060020792|
|Publication number||12860612, 860612, US RE42382 E1, US RE42382E1, US-E1-RE42382, USRE42382 E1, USRE42382E1|
|Inventors||Jason Robert Weiss|
|Original Assignee||Bbs Technologies, Inc.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (16), Referenced by (3), Classifications (18), Legal Events (8)|
|External Links: USPTO, USPTO Assignment, Espacenet|
1. Field of the Invention
The present invention relates to the authentication of volume mount points, and in particular the ability of an operating system to selectively accept or reject a volume mount point request for media based on a configurable set of rules.
2. Description of Prior Art
Individuals, corporations and governments face an increasing threat from within. Unethical individuals have at their disposal a multitude of high volume storage mediums available by simply walking into a local electronics store. Anyone can pay several hundred dollars or less to purchase storage devices that are highly resistant to detection. These devices assuredly help simplify the act of corporate and government espionage and greatly facilitate the proliferation of computer viruses, electronic Trojan Horses, and similar objects of computer mass infiltration. Even institutions that employ security checkpoints where backpacks and briefcases are searched and everyone must walk through a metal detector face the daunting challenge of detecting and deterring someone from walking out the front door with 256 MB, 512 MB, 2 GB, 4 GB or more of business intelligence, classified drawings, or sensitive financial documents on a device that is roughly the size of a clasp on a brazier.
Undoubtedly plug-and-play hard drives, palm-sized mobile storage solutions, infrared and radio frequency (RF) over-the-air digital data communications are now pervasive in today's society. As the popularity and number of these types of devices continue to grow, enterprise Information Technology (IT) departments, as well as a growing consumer base, are demanding methods to authenticate and trust certain physical devices while rejecting access to other physically identical devices. Obtaining such authentication and trust has to be accomplished in a way that does not compromise business productivity. To illustrate by example, consider employee A, who steps away from a physically secured laptop computer. Visitor B is able to quickly plug a USB flash drive into the computer. Visitor B may quickly copy trade secrets from the computer to the USB flash drive, or may download a computer virus from the USB flash drive to the computer. Visitor B is able to complete these tasks and remove the USB flash drive prior to employee A′s return. Employee A will have little chance to know that business intelligence was taken, nor that a virus was implanted.
The present invention provides a dynamic and expeditious means of authenticating one or more mountable volumes. If the circumstances surrounding the volume undergoing authentication are found to be sufficiently proper, the volume is considered trustworthy and a mounting request is allowed to proceed. If circumstances are found to be outside the range of that considered proper, the mounting request is denied. In the case of a volume already mounted, dismounting action may be taken. The present invention further provides a means of determining whether the found circumstances are proper, that is trustworthy, or not.
The core application, called Volume Trust, relies on a series of fuzzy logic calculations that inspect the attributes (size, number of sectors, drive interface type, et cetera) of a volume, applying weighted calculations to determine a raw score and an overall maximum possible score. This raw score is then mathematically adjusted to be within the range of 0 to 100, resulting in a Trustworthy Factor score for the volume undergoing authentication. The Trustworthy Factor score can be calculated in a completely non-intrusive way, meaning that no data whatsoever has to be written to the volume during this process. As a result, read-only media such as CD-ROM's and DVD's may be assigned unique Trustworthy Factor scores and there is no change in the amount of free space available on read/write volumes after the process completes.
The Trustworthy Factor score is not an absolute threshold. Analogies can be drawn to the popular consumer credit rating system. In that system, the higher the credit score, the less risk there is that the consumer will default on a loan. However, regardless of how high the credit score is, there is always the possibility of the consumer defaulting on the loan. Similarly, as the Trustworthy Factor score increases, the likelihood of the volume containing malignant code or being used for malicious purposes decreases, though the threat is never entirely eradicated. The only true way to eradicate the threat from mobile, external storage devices is to build a computer that has no external ports and is physically secured to ensure new drives can not be inserted. In the course of day-to-day business operations, such a device is impractical and would be a large impediment to business productivity.
By its very nature, a weighted scoring system provides administrators the ability to factor each capability of the volume in a different way. For instance, consider this example that inspects only the disk interface. An IDE hard drive mounted as a fixed disk inside a computer, where the computer case has been secured, might score a Trustworthy Factor score in the mid-sixties and be considered a highly trustable volume, a high level of trust. A 160 GB external IEEE 1394 drive, which resides outside the computer case, might score a Trustworthy Factor score in the low thirties. It may be considered a moderately trustable volume, since there are no pocket-sized or palm-sized drives meeting that description. A 64 MB USB keychain drive might yield a Trustworthy Factor score less than twenty, meaning that it should be considered as untrustworthy and potentially a security threat, a low level of trust.
Typically, over twenty five different factors, called metadata elements, are examined in the computation of a volume's Trustworthy Factor score. Each factor can be given different weighing factors, as appropriate for the organization being served. For example, consider two devices, one that discloses the number of sectors and tracks it contains and another that does not. The device that discloses the number of sectors information is more trustworthy than the device that fails to disclose. Thus, the disclosing device receives a slightly higher Trustworthy Factor score. However, other factors may be more important in determining the trustworthiness of the device. Another factor is the interface type used to interact with the device (IDE, USB, IEEE 1394, et cetera). This factor indicates the portability of the volume. IDE is considered more trustworthy than USB for the simple fact that it is difficult to mount an IDE drive outside the computer case. Thus, an IDE drive mounted inside a locked computer case should be considered to have a high level of trust.
One of the benefits of the present invention is the use of administrator-configured weighing factors to discriminate more important volume factors, metadata elements, from others. This allows the Volume Trust application to be adjusted to local needs without need for recompilation. Increasing the weighing factors directly impacts the trustworthy factor score of a volume that discloses that metadata element. In fact, the Volume Trust application can be tuned in the field in a matter of seconds to respond to the circumstances at hand. For example, a laptop used by an individual at their cubicle on the 37th floor of corporate headquarters is at minimal risk. When that laptop is taken on a business trip to a conference room with 30 strangers at a client's office, the level of risk should increase moderately. Now, when that same laptop is taken to the Comdex tradeshow floor where there are hundreds of thousands of strangers walking around, the maximum level of protection should be enabled and the Volume Trust application should be extremely skeptical about every external storage device.
While the present invention may be practiced using software, hardware or firmware, it is an object of the present invention to provide a software based solution to volume mount authentication.
An advantage of the present invention is that it may be cost-effectively deployed to a large installation base through common software distribution techniques and does not require technicians to manipulate computer hardware.
The present invention is backwards compatible, easily working with existing computer infrastructure.
The present invention is operating system independent.
The present invention is independent of programming language.
The present invention allows a storage device, such as a DVD or CD-ROM drive, or card reader, to remain online while scrutinizing the media associated with the storage device.
The present invention does not require the modification of existing user security privileges, nor does it require the creation or modification of specialized security privilege groups.
The present invention operates in real-time by leveraging the event notification mechanisms built into most operating systems.
The present invention does not rely on cryptographic algorithms susceptible to aging, which become insecure over time, nor does it rely on expensive and administratively time-consuming Public Key Identification (PKI).
The present invention does not require any modification of existing computer or computer-peripheral manufacturing techniques.
The present invention allows an administrator or user to refine the fuzzy logic used to establish trust between the device and media without requiring access to source code and redistributing new binary run-time objects.
The present invention allows for easy audit and logging of external storage device interactions through its robust and flexible daisy-chained list of zone action handlers.
The present invention works on virtually all devices that contain a microprocessor, from computers to phones to personal digital assistants across operating systems and programming languages.
The present invention provides the ability to slide the level of trust based upon external security factors, such as different states of terrorist alerts.
The present invention and its advantages will be better understood by referring to the following detailed description and the attached drawings in which:
An overall flow-chart view of the basic process steps of the volume mount authentication process, S100 through S800, is shown in
Furthermore, a media device may be hosted by a second computing device. Such second computing device may abstract the media device from the first computing device. For example, a desktop PC is a first computing device which is performing volume mount authentication on a PDA (a handheld portable computer) that contains a media device such as a hard disk storage drive. The PDA in this example is a second computing device which is hosting the media device. In all cases, the second computing device, or any computing intermediary, is effectively the same as a media device which it is hosting. The meaning of the term media device may include any media device, its host, or other computing intermediary.
A detailed flow-chart view of the core process steps of the volume mount authentication process is illustrated in
Volume mount notification 16 must be decoded so metadata 6 that is related to media 1 may be extracted. This is done by first converting the logical disk information 17 into a physical disk partition address 18, step S210. Note, physical disk partition address 18 is commonly known to refer to any block of storage space that may be read from, written to, or is both readable and writable. Physical disk partition address 18 is then converted into a physical storage device address 19, step S220. These steps of deabstracting the information are typically performed using routine libraries, and these steps are well known to those skilled in the art. Once the physical drive information is obtained, the storage device data is extracted, step S230, along with logical disk data, S240, disk partition data, S250, and physical media data, S260, from their respective data structures, as is appropriate for the media being authenticated. Such collected metadata 6 is stored as a volume metadata object 7. Typically, at least two dozen metadata elements 8 describing media 1 and media device 2 are gathered.
One or more data communications channels may exist between the computing device and the media device or media itself. In such cases, it is also possible to collect metadata associated with the data communications channel.
The media may also be associated with one or more media devices, data communications channels, or media computing devices, each of which are abstracted behind the volume mount point. For instance, the computing device under authentication may detect a volume mount point from an infrared signal being sent from a handheld computing device containing a miniature hard disk drive that is plugged into the handheld computing device's USB port. The miniature hard disk drive represents the media device. In such a configuration, the computing device under authentication may retrieve metadata from the infra-communication channel, the handheld computing device itself, its USB data channel, and the miniature hard disk drive.
Trustworthy factor calculator 9 is loaded, step S300. Typically, in a Windows operating system, trustworthy factor calculator 9 is a dynamic linked library, a plug in module. Trustworthy factor calculator 9 looks up and loads calculation steps 22 associated with the metadata elements of interest. Trustworthy factor calculator 9 loads weighing factors 23 which correspond to the metadata elements, step S350. For each metadata element 8, Trustworthy factor calculator 9, using calculation steps 22, determines a score value 24 and its maximum possible score value 25. Weighing factors 23 are applied to each score value 24 and each maximum possible score value 25. Score values 24 are accumulated as a raw score 10 and the maximum possible score values 25 are accumulated as an overall maximum score 26, step S410. Accumulated raw score 10 is normalized, based on overall maximum score 26, step S420, establishing a trustworthy factor score 27. Typically, for convenience, trustworthy factor score 27 is set to create a range of zero (0) to one hundred (100). This is accomplished by simply dividing accumulated raw score 10 by overall maximum score 26 and multiplying by one hundred (100).
Scoring matrix 11 is loaded, step S500. Typically, in a Windows brand operating system, this module is a dynamic linked library, a plug in module. Scoring matrix 11 is a set of established thresholds used to classify resulting Trustworthy Factor Score 27 created the Trustworthy Factor Calculator 9. The zone encompassing Trustworthy Factor Score 27 is identified as the Level of Trust Zone 12, step S600. For example, a trustworthy factor score falling between 0 to 15 may be classed as zone one (1), a trustworthy factor score falling between 16 to 50 as zone two (2), a trustworthy factor score falling between 51 to 80 as zone three (3), and a trustworthy factor score falling between 81 to 100 as zone four (4). Once Level of Trust Zone 12 is identified, the zone information is used to select and execute a Zone Action Handler 14 for that Level of Trust Zone 12, step S700. Continuing the example, a trustworthy factor score of 45 falls between 16 and 50 and is therefore classed as zone two (2). The Zone Action Handler corresponding to that zone two (2) is then executed.
Zone Action Handler 14 may perform a variety of actions, which will be detailed in
Zone Action Handler 14 returns an ultimate signal, a Zone Action Handler Response 39, to allow mount of media 1 or disallow mount of media 1, step S800. This concludes the volume mount authentication process.
In an alternative embodiment, Zone Action Handler 14 may include the capability to decide whether to remember the external additional authentication for the particular media or media device being authenticated, step S750. In such case, Zone Action Handler 14 includes a Remember Media Action Handler 33, which may be configured to always associate the particular media 1′ with a mount or dismount conclusion, step S760. Such being the case, the next time that particular media 1′ is subject to an authentication request, another action handler, the Media Previously Trusted Action Handler 34, may directly return a mount or dismount conclusion without invoking other action handlers to prompt for password, biometrics, security token card, or administrator security group determination, step S705. An additional alternate embodiment is to enable the Remember Media Action Handler 33 to grant such mount or dismount association for a fixed period of time, or other validity condition, step S770. In such case, Media Previously Trusted Action Handler 34 uses the period of time or other validity condition in making its mount or dismount conclusion.
An alternate embodiment of the present invention includes use of external reporting of security levels to adjust the scoring matrix. A governmental agency, an industry, a specific plant or locale may issue security alerts of various levels. For example, a refinery may receive “red”, “orange”, “yellow”, and “green” security levels, depending on external intelligence, terrorist action, or geopolitical conditions. These external security levels may be used to automatically modify the scoring matrix. In this example, a “red” or “orange” security level, indicating a threatening security condition, may be used to require greater trustworthy factor scores to meet specific level of trust zone thresholds. In such case, the external security levels are used as indicators to adjust or replace the scoring matrix to reflect these more stringent security requirements.
Although the description above contains many specifications, these should not be construed as limiting the scope of the invention but as merely providing illustrations of some of the presently preferred embodiments of this present invention. Persons skilled in the art will understand that the method and apparatus described herein may be practiced, including but not limited to, the embodiments described. Further, it should be understood that the invention is not to be unduly limited to the foregoing which has been set forth for illustrative purposes. Various modifications and alternatives will be apparent to those skilled in the art without departing from the true scope of the invention. While there has been illustrated and described particular embodiments of the present invention, it will be appreciated that numerous changes and modifications will occur to those skilled in the art, and it is intended as herein disclosed to cover those changes and modifications which fall within the true spirit and scope of the present invention.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5832213 *||Jul 3, 1996||Nov 3, 1998||Sun Microsystems, Inc.||Flexible mounting and unmounting of user removable media|
|US6012145 *||Nov 14, 1994||Jan 4, 2000||Calluna Technology Limited||Security system for hard disk drive|
|US6014746 *||Feb 21, 1997||Jan 11, 2000||Lockheed Martin Energy Research Corporation||Workstation lock and alarm system|
|US6119232 *||Nov 2, 1998||Sep 12, 2000||Sun Microsystems, Inc.||Flexible mounting and unmounting of user removable media|
|US6301665 *||Apr 30, 1998||Oct 9, 2001||Compaq Computer Corporation||Security methodology for devices having plug and play capabilities|
|US6665714 *||Jun 30, 1999||Dec 16, 2003||Emc Corporation||Method and apparatus for determining an identity of a network device|
|US6711685 *||Jun 8, 1999||Mar 23, 2004||International Business Machines Corporation||System and procedure for protection against the analytical espionage of secret information|
|US6904493 *||Jul 11, 2002||Jun 7, 2005||Animeta Systems, Inc.||Secure flash memory device and method of operation|
|US7107610 *||May 11, 2001||Sep 12, 2006||Intel Corporation||Resource authorization|
|US7191467 *||Mar 15, 2002||Mar 13, 2007||Microsoft Corporation||Method and system of integrating third party authentication into internet browser code|
|US7318150 *||Feb 25, 2004||Jan 8, 2008||Intel Corporation||System and method to support platform firmware as a trusted process|
|US20020083339 *||Dec 22, 2000||Jun 27, 2002||Blumenau Steven M.||Method and apparatus for preventing unauthorized access by a network device|
|US20030163719 *||Dec 9, 2002||Aug 28, 2003||Fujitsu Limited||Removable disk device with identification information|
|US20040117318 *||Dec 16, 2002||Jun 17, 2004||Grawrock David W.||Portable token controlling trusted environment launch|
|US20050015611 *||Jun 30, 2003||Jan 20, 2005||Poisner David I.||Trusted peripheral mechanism|
|WO2003107589A1||May 27, 2003||Dec 24, 2003||Koninklijke Philips Electronics N.V.||Method for authentication between devices|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US8938796||Sep 13, 2013||Jan 20, 2015||Paul Case, SR.||Case secure computer architecture|
|US9122633||Jan 13, 2015||Sep 1, 2015||Paul Case, SR.||Case secure computer architecture|
|US20140173686 *||Dec 19, 2013||Jun 19, 2014||Taeho Kgil||Device Communication Based On Device Trustworthiness|
|U.S. Classification||726/2, 726/27, 713/165, 726/26, 713/167, 713/193, 713/194, 726/16, 726/17|
|International Classification||G06F7/04, H04L9/00, G06K9/00, H04L9/32, G06F17/30|
|Cooperative Classification||G06F21/57, G06F21/80|
|European Classification||G06F21/57, G06F21/80|
|Sep 3, 2012||REMI||Maintenance fee reminder mailed|
|Dec 7, 2012||AS||Assignment|
Free format text: CHANGE OF NAME;ASSIGNOR:BBS TECHNOLOGIES, INC.;REEL/FRAME:029429/0262
Effective date: 20120127
Owner name: IDERA, INC., TEXAS
|Dec 13, 2012||FPAY||Fee payment|
Year of fee payment: 4
|Dec 13, 2012||SULP||Surcharge for late payment|
|Jun 6, 2013||AS||Assignment|
Free format text: SECURITY AGREEMENT;ASSIGNOR:IDERA, INC.;REEL/FRAME:030574/0185
Effective date: 20121120
Owner name: SQUARE 1 BANK, NORTH CAROLINA
|Jul 11, 2013||AS||Assignment|
Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:SQUARE 1 BANK;REEL/FRAME:030781/0275
Effective date: 20130709
Owner name: IDERA, INC. F/K/A BBS TECHNOLOGIES, INC., TEXAS
|Sep 8, 2014||AS||Assignment|
Owner name: COMERICA BANK, AS AGENT, MICHIGAN
Free format text: SECURITY INTEREST;ASSIGNORS:IDERA, INC.;PRECISE SOFTWARE SOLUTIONS, INC.;COPPEREGG CORPORATION;REEL/FRAME:033696/0004
Effective date: 20140905
|Nov 25, 2014||AS||Assignment|
Effective date: 20141105
Owner name: FIFTH STREET MANAGEMENT LLC, AS AGENT, CONNECTICUT
Free format text: SECURITY INTEREST;ASSIGNORS:IDERA, INC.;PRECISE SOFTWARE SOLUTIONS, INC.;COPPEREGG CORPORATION;REEL/FRAME:034260/0360