System and method for auditing file access to secure media by nodes of a protected system

US 10,643,007 B2
Filed: 03/27/2017
Issued: 05/05/2020
Est. Priority Date: 06/03/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting a storage device;

determining whether the storage device has been checked-in for use with at least a protected node;

granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node;

storing data identifying file activity involving the storage device on the storage device;

copying one or more log files stored at the protected node onto the storage device; and

appending data identifying details of the file activity to the one or more log files.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes detecting a storage device and determining whether the storage device has been checked-in for use with at least a protected node. The method also includes granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node. The method further includes storing data identifying file activity involving the storage device on the storage device. The data could identify all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device. The method may also include copying one or more log files stored at the protected node onto the storage device, and storing the data identifying the file activity may include appending data identifying details of the file activity to the one or more log files.

Citations

16 Claims

1. A method comprising:
- detecting a storage device;
  
  determining whether the storage device has been checked-in for use with at least a protected node;
  
  granting access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node;
  
  storing data identifying file activity involving the storage device on the storage device;
  
  copying one or more log files stored at the protected node onto the storage device; and
  
  appending data identifying details of the file activity to the one or more log files.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the data identifies meaningful file access involving the storage device.
  - 3. The method of claim 2, wherein the data identifies all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device.
  - 4. The method of claim 1, wherein the data identifying the details of the file activity comprises data identifying:
    - a source node or device identifier;
      
      a target node or device identifier;
      
      one or more addresses of each of the source and target nodes or devices;
      
      a file name, a file size, a file type, and a file permission of a file associated with the file activity;
      
      an active user associated with the file activity; and
      
      whether the file activity was allowed, blocked, or successful.

5. An apparatus comprising:
- at least one interface configured to be coupled to a storage device; and
  
  at least one processing device configured to;
  
  detect the storage device;
  
  determine whether the storage device has been checked-in for use with at least the apparatus;
  
  grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the apparatus;
  
  store data identifying file activity involving the storage device on the storage device;
  
  copy one or more log files stored at the protected node onto the storage device; and
  
  append data identifying details of the file activity to the one or more log files.
- View Dependent Claims (6, 7)
- - 6. The apparatus of claim 5, wherein the data identifies meaningful file access involving the storage device.
  - 7. The apparatus of claim 6, wherein the data identifies all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device.

8. A method comprising:
- detecting a storage device;
  
  determining that the storage device has been previously checked-in for use with at least one protected node;
  
  performing a check-out process for the storage device, the check-out process modifying the storage device so that the storage device is not recognizable by the at least one protected node;
  
  retrieving data by copying one or more encrypted log files from the storage device, the data identifying file activity involving the storage device and the at least one protected node;
  
  decrypting the one or more log files; and
  
  storing the data.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the data identifies all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device.
  - 10. The method of claim 8, wherein the data comprises, for each file activity, data identifying:
    - a source node or device identifier;
      
      a target node or device identifier;
      
      one or more addresses of each of the source and target nodes or devices;
      
      a file name, a file size, a file type, and a file permission of a file associated with the file activity;
      
      an active user associated with the file activity; and
      
      whether the file activity was allowed, blocked, or successful.
  - 11. The method of claim 8, further comprising at least one of:
    - generating an audit log using the data;
      
      generating a report using the data; and
      
      transmitting the data to an external destination.

12. An apparatus comprising:
- at least one memory;
  
  at least one interface configured to be coupled to a storage device; and
  
  at least one processing device configured to;
  
  detect the storage device;
  
  determine that the storage device has been previously checked-in for use with at least one protected node;
  
  perform a check-out process for the storage device, the check-out process modifying the storage device so that the storage device is not recognizable by the at least one protected node;
  
  retrieve data by copying one or more encrypted log files from the storage device, the data identifying file activity involving the storage device and the at least one protected node;
  
  decrypt the one or more log files; and
  
  store the data in the at least one memory.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, wherein the data identifies all files copied to or from the storage device and all file activity that is blocked from occurring on the storage device.

14. A system comprising:
- one or more protected nodes within a protected system, each protected node comprising;
  
  at least one interface configured to be coupled to a storage device; and
  
  at least one processing device configured to;
  
  detect the storage device;
  
  determine whether the storage device has been checked-in for use with at least the protected node;
  
  grant access to the storage device in response to determining that the storage device has been checked-in for use with at least the protected node; and
  
  store data identifying file activity involving the storage device on the storage device;
  
  copy one or more log files stored at the protected node onto the storage device; and
  
  append data identifying details of the file activity to the one or more log files;
  
  a server configured to;
  
  perform a check-in process so that one or more files on the storage device are (i) accessible by the one or more protected nodes within the protected system and (ii) not accessible by nodes outside of the protected system while the storage device is checked-in;
  
  perform a check-out process so that the one or more files on the storage device are (i) accessible by the nodes outside of the protected system and (ii) not accessible by the one or more protected nodes within the protected system while the storage device is checked-out; and
  
  retrieve and store the data identifying the file activity from the storage device.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, wherein the server is configured to retrieve and store the data identifying the file activity as part of the check-out process.
  - 16. The system of claim 14, wherein:
    - the at least one processing device of each protected node is further configured to store data identifying device access involving the storage device on the storage device; and
      
      the server is further configured to retrieve and store the data identifying the device access from the storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Knapp, Eric D., Boice, Eric T.
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/470,015
Publication Number

US 20170351877A1
Time in Patent Office

1,135 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 21/562   Static detection

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

G06F 21/78   to assure secure storage of...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

System and method for auditing file access to secure media by nodes of a protected system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for auditing file access to secure media by nodes of a protected system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links