Security System with Methodology for Defending Against Security Breaches of Peripheral Devices

US 20050138433A1
Filed: 12/23/2003
Published: 06/23/2005
Est. Priority Date: 12/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method for protecting a computer from security breaches involving devices that may be attached to the computer, the method comprising:

when a device is first attached to the computer, specifying authorization information indicating that the device is allowed to communicate with the computer;

detecting detachment of the device from the computer;

updating the authorization information to indicate that the device is no longer authorized to communicate with the computer; and

upon reattachment of the device, blocking communication with the device while the device remains unauthorized, thereby preventing a security breach involving the device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system with methodology for defending against security breaches of peripheral devices is described. In one embodiment, for example, a method is described for protecting a computer from security breaches involving devices that may be attached to the computer, the method comprises steps of: when a device is first attached to the computer, specifying authorization information indicating that the device is allowed to communicate with the computer; detecting detachment of the device from the computer; updating the authorization information to indicate that the device is no longer authorized to communicate with the computer; and upon reattachment of the device, blocking communication with the device while the device remains unauthorized, thereby preventing a security breach involving the device.

314 Citations

58 Claims

1. A method for protecting a computer from security breaches involving devices that may be attached to the computer, the method comprising:
- when a device is first attached to the computer, specifying authorization information indicating that the device is allowed to communicate with the computer;
  
  detecting detachment of the device from the computer;
  
  updating the authorization information to indicate that the device is no longer authorized to communicate with the computer; and
  
  upon reattachment of the device, blocking communication with the device while the device remains unauthorized, thereby preventing a security breach involving the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein said specifying step includes:
    - specifying a password for authorizing the device.
  - 3. The method of claim 1, wherein said specifying step includes:
    - specifying at least one user with sufficient privileges to authorize the device.
  - 4. The method of claim 1, wherein the device is attached to the computer via a port.
  - 5. The method of claim 4, wherein the port is a selected one of a USB port, an RS-232 port, a parallel port, a SCSI port, and an IEEE 1394 port.
  - 6. The method of claim 1, wherein said device comprises an input device and wherein said blocking step includes blocking input from the input device.
  - 7. The method of claim 6, wherein said input device is a keyboard device.
  - 8. The method of claim 7, further comprising:
    - upon reattachment of the keyboard device, trapping keystrokes from the keyboard device.
  - 9. The method of claim 8, further comprising:
    - determining whether keystrokes trapped from the keyboard comprise a password that may be used to authorize the device.
  - 10. The method of claim 1, wherein said device comprises a detachable storage device and wherein said blocking step includes blocking any data stream from the storage device.
  - 11. The method of claim 1, wherein said blocking step includes:
    - blocking communication from the computer to the device while the device remains unauthorized.
  - 12. The method of claim 1, further comprising:
    - receiving input authorizing the device; and
      
      thereafter allowing communication with the device.
  - 13. The method of claim 12, wherein the input comprises password input from an authorized user.
  - 14. The method of claim 1, further comprising:
    - upon detecting detachment of the device from the computer, generating an alert that reports the detachment.
  - 15. The method of claim 14, wherein the alert is automatically transmitted to a system administrator.
  - 16. The method of claim 14, wherein the alert is automatically transmitted to a remote administration module operating on a different computer.
  - 17. The method of claim 1, further comprising:
    - receiving authorization from a remote administration module; and
      
      thereafter allowing communication with the device.
  - 18. The method of claim 1, wherein said specifying step includes:
    - specifying an operating system hook that allows attachment and detachment of devices to be detected.
  - 19. The method of claim 1, wherein said updating step includes:
    - updating the authorization information to indicate that the device is currently untrusted.
  - 20. The method of claim 1, wherein said updating step includes:
    - treating the detachment as a security breach and blocking communication with a network node that the computer resides on.
  - 21. A computer-readable medium having processor-executable instructions for performing the method of claim 1.
  - 22. A downloadable set of processor-executable instructions for performing the method of claim 1.

23. A system for protecting a computer from security breaches involving devices that may be attached to the computer, the system comprising:
- an agent module for specifying authorization information indicating that a device is allowed to communicate with the computer when the device is first attached to the computer;
  
  for detecting detachment of the device from the computer; and
  
  for updating the authorization information to indicate that the device is no longer authorized to communicate with the computer; and
  
  a filter module for blocking communication with the device while the device remains unauthorized, thereby preventing a security breach involving the device.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 24. The system of claim 23, wherein the agent module includes:
    - program logic for specifying a password for authorizing the device.
  - 25. The system of claim 23, wherein the agent module includes:
    - program logic for specifying at least one user with sufficient privileges to authorize the device.
  - 26. The system of claim 23, wherein the device is attached to the computer via a port.
  - 27. The system of claim 26, wherein the port is a selected one of a USB port, an RS-232 port, a parallel port, a SCSI port, and an IEEE 1394 port.
  - 28. The system of claim 23, wherein said device comprises an input device and wherein the filter module includes program logic for blocking input from the input device.
  - 29. The system of claim 28, wherein said input device is a keyboard device.
  - 30. The system of claim 29, wherein said filter module includes:
    - program logic for trapping keystrokes from the keyboard device.
  - 31. The system of claim 30, wherein said filter module further includes:
    - program logic for determining whether keystrokes trapped from the keyboard comprise a password that may be used to authorize the device.
  - 32. The system of claim 23, wherein said device comprises a detachable storage device and wherein the filter module includes program logic for blocking any data stream from the storage device.
  - 33. The system of claim 23, wherein the filter module includes:
    - program logic for blocking communication from the computer to the device while the device remains unauthorized.
  - 34. The system of claim 23, wherein said modules further comprise:
    - program logic for receiving input authorizing the device, and thereafter program logic for allowing communication with the device.
  - 35. The system of claim 34, wherein the input comprises password input from an authorized user.
  - 36. The system of claim 23, wherein said agent module further comprises:
    - program logic for generating an alert that reports the detachment.
  - 37. The system of claim 36, wherein the alert is automatically transmitted to a system administrator.
  - 38. The system of claim 36, wherein the alert is automatically transmitted to a remote administration module operating on a different computer.
  - 39. The system of claim 23, wherein said modules further comprises:
    - program logic for receiving receiving authorization from a remote administration module; and
      
      thereafter program logic for allowing communication with the device.
  - 40. The system of claim 23, wherein the agent module includes:
    - program logic for specifying an operating system hook that allows attachment and detachment of devices to be detected.
  - 41. The system of claim 23, wherein the agent module includes:
    - program logic for updating the authorization information to indicate that the device is currently untrusted.
  - 42. The system of claim 23, wherein the agent module includes:
    - program logic for treating the detachment as a security breach and blocking communication with a network node that the computer resides on.

43. A method for securing a computer from security breaches involving peripheral devices, the method comprising:
- specifying a password to be supplied for authorizing a peripheral device to communicate with the computer;
  
  detecting each attachment of the peripheral device to the computer;
  
  upon each attachment, blocking communications with the peripheral device until the password is supplied; and
  
  if the password is supplied, permitting the peripheral device to communicate with the computer.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58)
- - 44. The method of claim 43, wherein said specifying step includes:
    - specifying at least one user with sufficient privileges to authorize the peripheral device.
  - 45. The method of claim 43, wherein the peripheral device is attached to the computer via a port.
  - 46. The method of claim 43, wherein said peripheral device comprises an input device and wherein said blocking step includes blocking input from the input device.
  - 47. The method of claim 46, wherein said input device is a keyboard device.
  - 48. The method of claim 47, further comprising:
    - upon reattachment of the keyboard device, trapping keystrokes from the keyboard device.
  - 49. The method of claim 48, further comprising:
    - determining whether keystrokes trapped from the keyboard comprise a password that may be used to authorize the device.
  - 50. The method of claim 43, wherein said blocking step includes:
    - blocking communication from the computer to the peripheral device while the peripheral device remains unauthorized.
  - 51. The method of claim 43, further comprising:
    - upon any detachment of the peripheral device from the computer, generating an alert that reports the detachment.
  - 52. The method of claim 51, wherein the alert is automatically transmitted to a system administrator.
  - 53. The method of claim 51, wherein the alert is automatically transmitted to a remote administration module operating on a different computer.
  - 54. The method of claim 43, further comprising:
    - receiving the password from a remote administration module; and
      
      thereafter allowing communication with the peripheral device.
  - 55. The method of claim 43, wherein said specifying step includes:
    - specifying an operating system hook that allows attachment and detachment of peripheral devices to be detected.
  - 56. The method of claim 43, further comprising:
    - treating any detachment of the peripheral device as a security breach and blocking communication with a network node that the computer resides on.
  - 57. A computer-readable medium having processor-executable instructions for performing the method of claim 43.
  - 58. A downloadable set of processor-executable instructions for performing the method of claim 43.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Check Point Software Technologies Incorporated (Check Point Software Technologies Limited)
Original Assignee
Zone Labs Inc. (Check Point Software Technologies Limited)
Inventors
Linetsky, Gene

Granted Patent

US 8,281,114 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/31   User authentication

G06F 21/82   Protecting input, output or...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

Security System with Methodology for Defending Against Security Breaches of Peripheral Devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

314 Citations

58 Claims

Specification

Use Cases

Quick Links

Others

Security System with Methodology for Defending Against Security Breaches of Peripheral Devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

314 Citations

58 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others