Apparatus and method for locking and unlocking removable media for use inside and outside protected systems
Abstract
A method includes detecting a storage device and performing a check-in process for the storage device. The check-in process includes scanning the storage device to identify any malware contained on the storage device, digitally signing one or more clean files on the storage device, and modifying a file system of the storage device. The method may also include performing a check-out process for the storage device, where the check-out process includes restoring the file system of the storage device. The file system of the storage device can be modified during the check-in process so that one or more protected nodes within a protected system are able to recognize the modified file system of the storage device and nodes outside of the protected system cannot recognize the modified file system of the storage device.
17 Claims
1. An apparatus for locking and unlocking removable media for use in a protected system, the apparatus comprising:
at least one interface configured to be coupled to a removable storage device; and
at least one processing device configured to:
detect the removable storage device; and
perform a check-in process for the removable storage device, wherein, to perform the check-in process, the at least one processing device is configured to:
scan the storage device to identify any malware contained on the removable storage device;
calculate a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device;
verify whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
lock a file system of the removable storage device by modifying the file system of the removable storage device such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
allow the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
perform a check-out process for the removable storage device, wherein, to perform the check-out process, the at least one processing device is configured to restore the file system so that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
Dependent claims: 2, 3, 4, 5, 6
7. A method comprising:
detecting a removable storage device; and
performing a check-in process for the removable storage device, wherein the check-in process comprises:
scanning the removable storage device to identify any malware contained on the removable storage device;
calculating a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device;
verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
locking a file system of the removable storage device by modifying the file system of the removable storage device including altering at least part of the file system using a certificate or private key, wherein the file system is modified such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
allowing one or more protected nodes within the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
performing a check-out processor for the removable storage device, wherein the check-out process comprises:
restoring the file system such that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to:
detect a removable storage device; and
perform a check-in process for the removable storage device, wherein the check-in process comprises:
scanning the removable storage device to identify any malware contained on the removable storage device;
calculating a current hash value using a hash generation algorithm for each of the or more files;
verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
locking a file system of the removable storage device by modifying the file system of the removable storage device including altering the file system such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
allowing one or more protected nodes within the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
perform a check-out processor for the removable storage device, wherein the check-out process comprises:
restoring the file system such that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
Dependent claims: 14, 15, 16, 17
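The hash-verification step of the check-in process recited in the claims (current hash compared with a prior hash stored on the device, clean files allowed and the rest blocked) can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the manifest file name, its JSON layout and the choice of SHA-256 are assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = ".checkin_manifest.json"  # hypothetical name, not from the patent

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(root: Path) -> None:
    """Record the 'prior' hash of every file on the device (after a clean scan)."""
    hashes = {p.relative_to(root).as_posix(): sha256_file(p)
              for p in sorted(root.rglob("*"))
              if p.is_file() and p.name != MANIFEST_NAME}
    (root / MANIFEST_NAME).write_text(json.dumps(hashes, indent=2))

def check_in(root: Path) -> dict:
    """Compare each file's current hash with its prior hash; block by default."""
    manifest_path = root / MANIFEST_NAME
    prior = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    result = {"allowed": [], "blocked": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file() or p.name == MANIFEST_NAME:
            continue
        rel = p.relative_to(root).as_posix()
        # A file with no prior hash, or a changed hash, is not verified clean.
        ok = prior.get(rel) == sha256_file(p)
        result["allowed" if ok else "blocked"].append(rel)
    return result

def demo() -> dict:
    """Constructed sample device: one untouched file, one modified, one added."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "report.txt").write_text("calibration data\n")
        (root / "setup.cfg").write_text("mode=safe\n")
        write_manifest(root)
        (root / "setup.cfg").write_text("mode=unsafe\n")  # changed after manifest
        (root / "new_tool.bin").write_bytes(b"\x00\x01")   # never hashed
        return check_in(root)

if __name__ == "__main__":
    print(demo())
```

A manifest kept on the same device as the files is only as trustworthy as its own integrity protection, so a deployment would authenticate it, for example with the digital signing the abstract describes.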
Specification