Apparatus and method for locking and unlocking removable media for use inside and outside protected systems

US 10,614,219 B2
Filed: 03/27/2017
Issued: 04/07/2020
Est. Priority Date: 06/03/2016
Status: Active Grant

First Claim

Patent Images

1. An apparatus for locking and unlocking removable media for use in a protected system, the apparatus comprising:

at least one interface configured to be coupled to a removable storage device; and

at least one processing device configured to;

detect the removable storage device; and

perform a check-in process for the removable storage device, wherein, to perform the check-in process, the at least one processing device is configured to;

scan the storage device to identify any malware contained on the removable storage device;

calculate a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device;

verify whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;

lock a file system of the removable storage device by modifying the file system of the removable storage device such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;

allow the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and

perform a check-out process for the removable storage device, wherein, to perform the check-out process, the at least one processing device is configured to restore the file system so that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes detecting a storage device and performing a check-in process for the storage device. The check-in process includes scanning the storage device to identify any malware contained on the storage device, digitally signing one or more clean files on the storage device, and modifying a file system of the storage device. The method may also include performing a check-out process for the storage device, where the check-out process includes restoring the file system of the storage device. The file system of the storage device can be modified during the check-in process so that one or more protected nodes within a protected system are able to recognize the modified file system of the storage device and nodes outside of the protected system cannot recognize the modified file system of the storage device.

Citations

17 Claims

1. An apparatus for locking and unlocking removable media for use in a protected system, the apparatus comprising:
- at least one interface configured to be coupled to a removable storage device; and
  
  at least one processing device configured to;
  
  detect the removable storage device; and
  
  perform a check-in process for the removable storage device, wherein, to perform the check-in process, the at least one processing device is configured to;
  
  scan the storage device to identify any malware contained on the removable storage device;
  
  calculate a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device;
  
  verify whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
  
  lock a file system of the removable storage device by modifying the file system of the removable storage device such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
  
  allow the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
  
  perform a check-out process for the removable storage device, wherein, to perform the check-out process, the at least one processing device is configured to restore the file system so that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the at least one processing device is configured to:
    - create a backup of contents of the removable storage device during the check-in process; and
      
      restore the contents to the removable storage device in response to a request for restoration of the removable storage device from a user.
  - 3. The apparatus of claim 1, wherein the at least one processing device is configured to:
    - detect that a determination cannot be made whether a specified file on the removable storage device is clean or definitively contains malware;
      
      provide at least part of the specified file to an external system for analysis; and
      
      receive from the external system an indication whether the specified file is clean or contains malware.
  - 4. The apparatus of claim 1, wherein the at least one processing device is configured to:
    - determine a type of the removable storage device during the check-in process;
      
      determine whether the type of the removable storage device is allowed in the protected system during the check-in process; and
      
      block usage of the removable storage device in the protected system in response to determining that the type of the removable storage device is not allowed in the protected system.
  - 5. The apparatus of claim 1, wherein the at least one processing device is configured to encrypt one or more components of the file system in order to modify the file system of the removable storage device.
  - 6. The apparatus of claim 1, wherein the check-in processes further comprises encrypting the one or more clean files, and the checkout process further comprises decrypting the one or more clean files.

7. A method comprising:
- detecting a removable storage device; and
  
  performing a check-in process for the removable storage device, wherein the check-in process comprises;
  
  scanning the removable storage device to identify any malware contained on the removable storage device;
  
  calculating a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device;
  
  verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
  
  locking a file system of the removable storage device by modifying the file system of the removable storage device including altering at least part of the file system using a certificate or private key, wherein the file system is modified such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
  
  allowing one or more protected nodes within the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
  
  performing a check-out processor for the removable storage device, wherein the check-out process comprises;
  
  restoring the file system such that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising:
    - creating a backup of contents of the removable storage device during the check-in process; and
      
      restoring the contents to the removable storage device in response to a request for restoration of the removable storage device from a user.
  - 9. The method of claim 7, wherein the check-in process comprises:
    - detecting that a determination cannot be made whether a specified file on the removable storage device is clean or definitively contains malware;
      
      providing at least part of the specified file to an external system for analysis; and
      
      receiving from the external system an indication whether the specified file is clean or contains malware.
  - 10. The method of claim 7, wherein the check-in process comprises:
    - determining a type of the removable storage device during the check-in process;
      
      determining whether the type of the removable storage device is allowed in the protected system during the check-in process; and
      
      blocking usage of the removable storage device in the protected system in response to determining that the type of the removable storage device is not allowed in the protected system.
  - 11. The method of claim 7, wherein the check-in process comprises digitally signing the removable storage device itself.
  - 12. The method of claim 7, wherein the check-in processes further comprises encrypting the one or more clean files.

13. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to:
- detect a removable storage device; and
  
  perform a check-in process for the removable storage device, wherein the check-in process comprises;
  
  scanning the removable storage device to identify any malware contained on the removable storage device;
  
  calculating a current hash value using a hash generation algorithm for each of the or more files;
  
  verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device;
  
  locking a file system of the removable storage device by modifying the file system of the removable storage device including altering the file system such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device;
  
  allowing one or more protected nodes within the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and
  
  perform a check-out processor for the removable storage device, wherein the check-out process comprises;
  
  restoring the file system such that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable medium of claim 13, further containing instructions that, when executed by the at least one processing device, cause the at least one processing device to:
    - create a backup of contents of the removable storage device during the check-in process; and
      
      restore the contents to the removable storage device in response to a request for restoration of the storage device from a user.
  - 15. The non-transitory computer readable medium of claim 13, wherein the instructions that when executed cause the at least one processing device to perform the check-in process comprise:
    - instructions that when executed cause the at least one processing device to;
      
      detect that a determination cannot be made whether a specified file on the removable storage device is clean or definitively contains malware;
      
      provide at least part of the specified file to an external system for analysis; and
      
      receive from the external system an indication whether the specified file is clean or contains malware.
  - 16. The non-transitory computer readable medium of claim 13, wherein the instructions that when executed cause the at least one processing device to perform the check-in process comprise:
    - instructions that when executed cause the at least one processing device to;
      
      determine a type of the removable storage device during the check-in process;
      
      determine whether the type of the removable storage device is allowed in the protected system during the check-in process; and
      
      block usage of the removable storage device in the protected system in response to determining that the type of the removable storage device is not allowed in the protected system.
  - 17. The non-transitory computer readable medium of claim 13, wherein the check-in processes further comprises encrypting the one or more clean files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Knapp, Eric D., Boice, Eric T.
Primary Examiner(s)
Chbouki, Tarek
Assistant Examiner(s)
Algibhah, Maher N

Application Number

US15/469,767
Publication Number

US 20170351858A1
Time in Patent Office

1,107 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/1446   Point-in-time backing up or...

G06F 11/3006   where the computing system ...

G06F 11/3433   for load management allocat...

G06F 21/52   during program execution, e...

G06F 21/56   Computer malware detection ...

G06F 21/565   by checking file integrity

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

G06F 21/568   eliminating virus, restorin...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2201/84   Using snapshots, i.e. a log...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

Apparatus and method for locking and unlocking removable media for use inside and outside protected systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for locking and unlocking removable media for use inside and outside protected systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links