Systems and methods for providing real time security and access monitoring of a removable media device

US 10,417,400 B2
Filed: 07/21/2014
Issued: 09/17/2019
Est. Priority Date: 11/19/2008
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method comprising:

detecting a removable media device being coupled to an external device port of a digital device, the digital device having an operating system and a file system, the removable media device having a login module;

causing, after detecting the removable media device being coupled to the external device port of the digital device, at least a portion of redirection code to be generated on the digital device by the login module of the removable media device, the redirection code including an interceptor, a data security policy, and a data security process;

intercepting, using the interceptor, a first function call to the operating system or the file system of the digital device before the first function call is executed by the operating system or the file system, the first function call including a request of the operating system or the file system to retrieve data from or write data to the removable media device, the first function call being initiated by a particular user or a particular application; and

performing a set of one or more second function calls in response to intercepting the first function call, the set of one or more second function calls not including the first function call, the set of one or more second function calls including a data-security-based second function call, the data-security-based second function call causing the steps of;

executing the data security process, the data security process determining whether the particular user or the particular application is authorized to retrieve the data from or write the data to the removable media device, and thus whether to allow the first function call based at least on results of the data security process; and

allowing the operating system or the file system to execute the first function call in response to a determination to allow the first function call.

View all claims

3 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

In various embodiments, a method comprises detecting a removable media device coupled to a digital device, authenticating a password to access the removable media device, injecting redirection code into the digital device, intercepting, with the redirection code, a request for data, determining to allow the request for data based on a security policy, and providing the data based on the determination. The method may further comprise selecting the security policy from a plurality of security policies based, at least in part, on the password and/or filtering the content of the requested data. Filtering the content may comprise scanning the data for malware. Filtering the content may also comprise scanning the data for confidential information.

Citations

21 Claims

1. A method comprising:
- detecting a removable media device being coupled to an external device port of a digital device, the digital device having an operating system and a file system, the removable media device having a login module;
  
  causing, after detecting the removable media device being coupled to the external device port of the digital device, at least a portion of redirection code to be generated on the digital device by the login module of the removable media device, the redirection code including an interceptor, a data security policy, and a data security process;
  
  intercepting, using the interceptor, a first function call to the operating system or the file system of the digital device before the first function call is executed by the operating system or the file system, the first function call including a request of the operating system or the file system to retrieve data from or write data to the removable media device, the first function call being initiated by a particular user or a particular application; and
  
  performing a set of one or more second function calls in response to intercepting the first function call, the set of one or more second function calls not including the first function call, the set of one or more second function calls including a data-security-based second function call, the data-security-based second function call causing the steps of;
  
  executing the data security process, the data security process determining whether the particular user or the particular application is authorized to retrieve the data from or write the data to the removable media device, and thus whether to allow the first function call based at least on results of the data security process; and
  
  allowing the operating system or the file system to execute the first function call in response to a determination to allow the first function call.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 18, 19)
- - 2. The method of claim 1, further comprising selecting the data security policy from a plurality of data security policies based, at least in part, on a password, wherein different passwords are associated with different access rights defined by different data security policies.
  - 3. The method of claim 1, wherein the data security process filters content of the data.
  - 4. The method of claim 3, wherein the data security process filters the content by scanning the data for confidential information.
  - 5. The method of claim 1, wherein causing the at least a portion of the redirection code to be generated comprises injecting the at least a portion of the redirection code into the digital device by temporarily replacing one or more dynamic-link libraries (dlls) within the digital device.
  - 6. The method of claim 1, wherein causing the at least a portion of the redirection code to be generated comprises injecting the at least a portion of the redirection code into the digital device by enumerating user processes of the digital device and injecting dlls into the enumerated user processes.
  - 7. The method of claim 1, further comprising receiving a shut down command and removing the at least a portion of the redirection code in response to the shut down command.
  - 8. The method of claim 1, further comprising removing the at least a portion of the redirection code in response to a detection that the removable media device is no longer coupled to the digital device.
  - 18. The method of claim 1, wherein the data security process includes an authentication process.
  - 19. The method of claim 1, wherein the data security process includes a malware detection process.

9. A system comprising:
- an operating system of a digital device configured to detect a removable media device being coupled to an external device port of the digital device;
  
  one or more processors;
  
  memory coupled to the one or more processors, the memory storing instructions to instruct the one or more processors to implement;
  
  a login module configured to cause, after detecting the removable media device being coupled to the external device port of the digital device, at least a portion of redirection code to be generated on the digital device, the redirection code including an interceptor, a data security policy, and a data security process, the interceptor configured to intercept a first function call to the operating system of the digital device before the first function call is executed by the operating system, the first function call including a request of the operating system to retrieve data from or write data to the removable media device, the first function call being initiated by a particular user or a particular application, the data security process configured to perform a set of one or more second function calls in response to intercepting the first function call, the set of one or more second function calls not including the first function call, the data security policy configured to evaluate data on the removable security device for malware, and the data security policy configured to determine whether to allow the first function call based at least on results of the data security process.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 20, 21)
- - 10. The system of claim 9, wherein the login module is further configured to select the data security policy from a plurality of data security policies based, at least in part, on a password, wherein different passwords are associated with different access rights defined by different data security policies.
  - 11. The system of claim 9, wherein the login module is further configured to filter content of the data.
  - 12. The system of claim 11, wherein filtering the content comprises scanning the data for confidential information.
  - 13. The system of claim 9, wherein the login module configured to cause the at least a portion of the redirection code to be generated comprises the login module configured to inject the at least a portion of the redirection code into the digital device by temporarily replacing one or more dynamic-link libraries (dlls) within the digital device.
  - 14. The system of claim 9, wherein the login module configured to cause the at least a portion of the redirection code to be generated comprises the login module configured to inject the at least a portion of the redirection code into the digital device by enumerating user processes of the digital device and injecting dlls into the enumerated user processes.
  - 15. The system of claim 9, wherein the digital device is configured to receive a shut down command and remove the at least a portion of the redirection code in response to the shut down command.
  - 16. The system of claim 9, wherein the digital device is configured to remove the at least a portion of the redirection code in response to a detection that the removable media device is no longer coupled to the digital device.
  - 20. The system of claim 9, wherein the data security process includes an authentication process.
  - 21. The system of claim 9, wherein the data security process includes a malware detection process.

17. A non-transitory computer readable media comprising instructions, the instructions executable by a processor to perform a method, the method comprising:
- detecting a removable media device being coupled to an external device port of a digital device, the digital device having an operating system and a file system, the removable media device having a login module;
  
  causing, after detecting the removable media device being coupled to the external device port of the digital device, at least a portion of redirection code to be generated on the digital device by the login module of the removable media device, the redirection code including an interceptor, a data security policy, and a data security process;
  
  intercepting, using the interceptor, a first function call to the operating system or the file system of the digital device before the first function call is executed by the operating system or the file system, the first function call including a request of the operating system or the file system to retrieve data from or write data to the removable media device, the first function call being initiated by a particular user or a particular application; and
  
  performing a set of one or more second function calls in response to intercepting the first function call, the set of one or more second function calls not including the first function call, the set of one or more second function calls including a data-security-based second function call, the data-security-based second function call causing the steps of;
  
  executing the data security process, the data security process determining whether the particular user or the particular application is authorized to retrieve the data from or write the data to the removable media device, and thus whether to allow the first function call based at least on results of the data security process; and
  
  allowing the operating system or the file system to execute the first function call in response to a determination to allow the first function call.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo, Ferdman, Sela, Yusim, Yonathan
Primary Examiner(s)
Wright, Bryan F

Application Number

US14/337,101
Publication Number

US 20150047021A1
Time in Patent Office

1,884 Days
Field of Search

726 19
US Class Current
CPC Class Codes

G06F 11/1446   Point-in-time backing up or...

G06F 11/1456   Hardware arrangements for b...

G06F 11/3034   where the computing system ...

G06F 11/3438   monitoring of user actions ...

G06F 11/3476   Data logging G06F11/14, G06...

G06F 21/31   User authentication

G06F 21/52   during program execution, e...

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 21/85   interconnection devices, e....

G06F 2221/034   Test or assess a computer o...

H04L 63/0227   Filtering policies mail mes...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

Systems and methods for providing real time security and access monitoring of a removable media device

First Claim

3 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing real time security and access monitoring of a removable media device

First Claim

3 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links