System and method for auditing file access to secure media by nodes of a protected system
First Claim
1. A method comprising:
- detecting a storage device;
determining whether the storage device has been checked-in for use with at least a protected node;
granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node;
storing data identifying file activity involving the storage device on the storage device;
copying one or more log files stored at the protected node onto the storage device; and
appending data identifying details of the file activity to the one or more log files.
1 Assignment
0 Petitions
Accused Products
Abstract
A method includes detecting a storage device and determining whether the storage device has been checked-in for use with at least a protected node. The method also includes granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node. The method further includes storing data identifying file activity involving the storage device on the storage device. The data could identify all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device. The method may also include copying one or more log files stored at the protected node onto the storage device, and storing the data identifying the file activity may include appending data identifying details of the file activity to the one or more log files.
-
Citations
16 Claims
-
1. A method comprising:
-
detecting a storage device; determining whether the storage device has been checked-in for use with at least a protected node; granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node; storing data identifying file activity involving the storage device on the storage device; copying one or more log files stored at the protected node onto the storage device; and appending data identifying details of the file activity to the one or more log files. - View Dependent Claims (2, 3, 4)
-
-
5. An apparatus comprising:
-
at least one interface configured to be coupled to a storage device; and at least one processing device configured to; detect the storage device; determine whether the storage device has been checked-in for use with at least the apparatus; grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the apparatus; store data identifying file activity involving the storage device on the storage device; copy one or more log files stored at the protected node onto the storage device; and append data identifying details of the file activity to the one or more log files. - View Dependent Claims (6, 7)
-
-
8. A method comprising:
-
detecting a storage device; determining that the storage device has been previously checked-in for use with at least one protected node; performing a check-out process for the storage device, the check-out process modifying the storage device so that the storage device is not recognizable by the at least one protected node; retrieving data by copying one or more encrypted log files from the storage device, the data identifying file activity involving the storage device and the at least one protected node; decrypting the one or more log files; and storing the data. - View Dependent Claims (9, 10, 11)
-
-
12. An apparatus comprising:
-
at least one memory; at least one interface configured to be coupled to a storage device; and at least one processing device configured to; detect the storage device; determine that the storage device has been previously checked-in for use with at least one protected node; perform a check-out process for the storage device, the check-out process modifying the storage device so that the storage device is not recognizable by the at least one protected node; retrieve data by copying one or more encrypted log files from the storage device, the data identifying file activity involving the storage device and the at least one protected node; decrypt the one or more log files; and store the data in the at least one memory. - View Dependent Claims (13)
-
-
14. A system comprising:
one or more protected nodes within a protected system, each protected node comprising; at least one interface configured to be coupled to a storage device; and at least one processing device configured to; detect the storage device; determine whether the storage device has been checked-in for use with at least the protected node; grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node; and store data identifying file activity involving the storage device on the storage device; copy one or more log files stored at the protected node onto the storage device; and append data identifying details of the file activity to the one or more log files; a server configured to; perform a check-in process so that one or more files on the storage device are (i) accessible by the one or more protected nodes within the protected system and (ii) not accessible by nodes outside of the protected system while the storage device is checked-in; perform a check-out process so that the one or more files on the storage device are (i) accessible by the nodes outside of the protected system and (ii) not accessible by the one or more protected nodes within the protected system while the storage device is checked-out; and retrieve and store the data identifying the file activity from the storage device. - View Dependent Claims (15, 16)
Specification