Volume mount authentication

US 20060020792A1
Filed: 07/24/2004
Published: 01/26/2006
Est. Priority Date: 07/24/2004
Status: Active Grant

First Claim

Patent Images

1. A method of determining a level of trust for a computer media comprising the steps of:

a) obtaining metadata associated with said media;

b) obtaining calculation steps, c) applying said calculation steps to said metadata, thereby producing a trust factor score;

d) comparing said trust factor score with a scoring matrix, thereby producing a level of trust zone value; and

e) selecting a further action based upon said level of trust zone value.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is a variety of media that may be inserted into a reading or writing device, such as CD'"'"'s, USB drives, floppy disks, memory sticks, and many other devices. Media is inserted into a media reading or writing device that is in communication with a computer or network device. Upon insertion of the media, a number of metadata regarding that media is available to the computer. The trustworthy calculator is typically a plug-in software module that processes each piece of volume metadata and applies a weighed score, resulting in a Trustworthy Factor. A scoring matrix denotes ranges of values of the Trustworthy Factor into a Level of Trust Zone. Based on the Level of Trust Zone, appropriate action handlers may direct the computer to disallow the mounting of the media, may require specific authentication action to take place prior to allowing a mount of the media, or may indicate that the media may be mounted without further authentication. Upon completion of the execution of the action handlers, a decision to allow or disallow the mount is made.

Citations

59 Claims

1. A method of determining a level of trust for a computer media comprising the steps of:
- a) obtaining metadata associated with said media;
  
  b) obtaining calculation steps, c) applying said calculation steps to said metadata, thereby producing a trust factor score;
  
  d) comparing said trust factor score with a scoring matrix, thereby producing a level of trust zone value; and
  
  e) selecting a further action based upon said level of trust zone value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising the step of communicating said level of trust zone value to a computing device.
  - 3. The method of claim 2 further comprising the step of communicating said level of trust zone value to an operating system of said computing device.
  - 4. The method of claim 2 further comprising the step of communicating said level of trust zone value to a user of said computing device.
  - 5. The method of claim 1 wherein said calculation steps are obtained from a remote location.
  - 6. The method of claim 1 wherein said calculation steps are obtained from a computing device.
  - 7. The method of claim 1 further comprising the steps of:
    - a) identifying devices in communication with said media; and
      
      b) loading alternate calculation steps, said alternate loading based on the results of said identification of devices in communication with said media.
  - 8. The method as claimed in claim 7 wherein said alternate calculation steps are loaded from a remote location.
  - 9. The method as claimed in claim 1 wherein said scoring matrix is loaded from a remote location.
  - 10. The method of claim 1 further comprising the steps of:
    - a) identifying devices in communication with said media; and
      
      b) loading an alternate scoring matrix, said alternate loading based on the results of said identification of devices in communication with said media.
  - 11. The method as claimed in claim 10 wherein said alternate scoring matrix is loaded from a remote location.

12. An apparatus for determining volume mount authentication of a media comprising:
- a) means to obtain metadata associated with said media;
  
  b) means to obtain calculation steps;
  
  c) means to apply said calculation steps to said metadata, thereby producing a trust factor score;
  
  d) means to compare said trust factor score with a scoring matrix, thereby producing a level of trust zone value; and
  
  e) means to signal a further action based upon said level of trust zone value.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The apparatus of claim 12 further comprising communications means to communicate said level of trust zone value to a computing device.
  - 14. The apparatus of claim 12 further comprising communications means to communicate said level of trust zone value to an operating system of said computing device.
  - 15. The apparatus of claim 12 further comprising communications means to communicate said level of trust zone value to a user of said computing device.
  - 16. The apparatus of claim 12 wherein said means to obtain calculation steps further comprise means to obtain calculation steps from a remote location.
  - 17. The apparatus of claim 12 wherein said means to obtain calculation steps further comprise means to obtain calculation steps from a computing device.
  - 18. The apparatus of claim 12 further comprising:
    - a) identifying means to identify devices in communication with said apparatus; and
      
      b) means to load alternate calculation steps, said alternate calculations steps based on the results of said identification of devices in communication with said apparatus.
  - 19. The apparatus as claimed in claim 18 wherein said means to load alternate calculation steps further comprise means to load from a remote location.
  - 20. The apparatus as claimed in claim 12 further comprising means to load said scoring matrix from a remote location.
  - 21. The apparatus of claim 12 further comprising:
    - a) identifying means to identify devices in communication with said apparatus; and
      
      b) means to load an alternate scoring matrix, said alternate matrix based on the results of said identification of devices in communication with said apparatus.
  - 22. The method as claimed in claim 21 wherein said means to load said alternate scoring matrix further comprise means to load from a remote location.

23. A method for authenticating computer media for communication with a computing device, comprising the steps of:
- a) detecting a media volume mount point;
  
  b) deabstracting a logical address of said media volume mount point into a physical disk partition address;
  
  c) deabstracting said physical disk partition address into a physical storage device address;
  
  d) receiving a plurality of metadata elements from data structures associated with one or more components from the list comprising;
  
  said computer media, said physical storage device address, said physical disk partition address, a data communications channel, and said media volume mount point;
  
  e) loading a trustworthy factor calculator wherein said trustworthy factor calculator comprises calculation steps producing score values and maximum possible score values associated with said metadata elements;
  
  f) initializing said trustworthy factor calculator with a matrix of weighing factors associated with said plurality of metadata elements;
  
  g) accumulating a raw score based on said score values for said plurality of metadata elements, wherein each score value used in said accumulation of said raw score is adjusted by said associated weighing factors, accumulating an overall maximum possible score for said maximum possible score values, wherein each maximum possible score value used in said accumulation of said overall maximum score is adjusted by said associated weighing factors, normalizing said raw score with said overall maximum score, whereby a trustworthy factor score is produced;
  
  h) initializing said trustworthy factor calculator with a scoring matrix having discrete level of trust zone values associated with trustworthy factor scores;
  
  i) comparing said trustworthy factor score with said scoring matrix, whereby a level of trust zone value is produced;
  
  j) executing at least one zone action handler based on said level of trust zone value, said zone action handler returning at least one zone action handler response; and
  
  k) determining whether said volume mount point authentication should be permitted or denied based on the result of said zone action handlers response.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 24. The method as claimed in claim 23 wherein said detecting a media volume mount point comprises detecting existing volume mount points recognized by the computing device.
  - 25. The method as claimed in claim 23 further comprising the step of communicating said level of trust zone value to said computing device.
  - 26. The method as claimed in claim 23 further comprising the step of communicating said level of trust zone value to an operating system of said computing device.
  - 27. The method as claimed in claim 23 further comprising the step of communicating said level of trust zone value to a user of said computing device.
  - 28. The method as claimed in claim 23 wherein said trustworthy factor calculator loads calculation steps from a remote location.
  - 29. The method as claimed in claim 23 wherein said trustworthy factor calculator loads calculation steps locally from said computing device.
  - 30. The method as claimed in claim 23 further comprising the steps of:
    - a) identifying devices connected to said computing device; and
      
      b) loading alternate calculation steps producing score values and maximum possible score values associated with said metadata elements, said alternate loading based on the results of said identifying of devices connected to said computing device.
  - 31. The method as claimed in claim 30 wherein said alternate calculation steps are loaded from said computing device.
  - 32. The method as claimed in claim 30 wherein said alternate calculation steps are loaded from a remote location.
  - 33. The method as claimed in claim 23 further comprising the steps of:
    - a) identifying devices connected to said computing device; and
      
      b) adjusting said scoring matrix based upon the results of said identification of devices connected to said computing device.
  - 34. The method as claimed in claim 33 wherein said adjustments to said scoring matrix are loaded from a remote location.
  - 35. The method as claimed in claim 33 wherein said adjustments to said scoring matrix are loaded from said computing device.
  - 36. The method as claimed in claim 23 wherein said scoring matrix having discrete level of trust zone values is loaded from said computing device.
  - 37. The method as claimed in claim 23 wherein said scoring matrix having discrete level of trust zone values is loaded from a remote location.
  - 38. The method as claimed in claim 23 wherein said execution of a zone action handler comprises the step of requiring specific authentication action.
  - 39. The method as claimed in claim 23 wherein said execution of a zone action handler further comprises the step of determining whether the user belongs to a particular group.
  - 40. The method as claimed in claim 23 wherein said execution of a zone action handler further comprises the step of determining whether the user belongs to an administrative security group.
  - 41. The method as claimed in claim 23 wherein said execution of a zone action handler comprises the step of prompting the user for a password.
  - 42. The method as claimed in claim 23 wherein said execution of a zone action handler comprises the step of prompting for biometric information.
  - 43. The method as claimed in claim 23 wherein said execution of a zone action handler comprises the step of prompting a security token card.
  - 44. The method as claimed in claim 23 wherein said execution of at least one of said zone action handler comprises the step of recording said zone action handler responses for said computer media undergoing authentication.
  - 45. The method as claimed in claim 44, wherein said recording of zone action handler responses is made on said computing device.
  - 46. The method as claimed in claim 44, wherein said recording of zone action handler responses is made on said computer media undergoing authentication.
  - 47. The method as claimed in claim 23, wherein said execution of at least one of said zone action handler comprises the step of recording a validity condition.
  - 48. The method as claimed in claim 47, wherein said recording of said validity condition is made on said computing device.
  - 49. The method as claimed in claim 47, wherein said recording of said validity condition is made on said computer media undergoing authentication.
  - 50. The method as claimed in claim 23, wherein said execution of at least one of said zone action handler comprises the step of recording a validity period of time.
  - 51. The method as claimed in claim 50, wherein said recording of said validity period of time is made on said computing device.
  - 52. The method as claimed in claim 50, wherein said recording of said validity period of time is made on said computer media undergoing authentication.
  - 53. The method as claimed in claim 23 wherein said execution of at least one of said zone action handler comprises the steps of:
    - a) detecting a recorded zone action handler response; and
      
      b) returning a zone action handler response, based upon said recorded zone action handler response.
  - 54. The method as claimed in claim 23 wherein said execution of at least one of said zone action handler comprises the step of:
    - a) detecting a recorded validity condition;
      
      b) testing for said validity condition; and
      
      c) returning a zone action handler response, based upon said testing of said validity condition.
  - 55. The method as claimed in claim 23 wherein said execution of at least one of said zone action handler comprises the step of:
    - a) detecting a recorded validity period of time;
      
      b) obtaining a present time;
      
      c) determining whether said present time is within said validity period of time; and
      
      d) returning a zone action handler response, based upon said determination.
  - 56. The method as claimed in claim 23 wherein said computing device communicates with said media through at least one communications channel.
  - 57. The method as claimed in claim 56, further comprising the step of receiving a plurality of metadata elements from data structures associated with said communications channel.
  - 58. The method as claimed in claim 23, further comprising the step of receiving a plurality of metadata elements from data structures associated with devices abstracted behind said media volume mount point.
  - 59. The method as claimed in claim 23 further comprising the steps of a) identifying an external security level indicator;
    - and b) adjusting said discrete level of trust zone values associated with trustworthy factor scores, based on the results of said identification of external security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idera, Inc.
Original Assignee
BBS Technologies Incorporated (Idera, Inc.)
Inventors
Weiss, Jason Robert

Granted Patent

US 7,480,931 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/80 in storage media based on m...

Volume mount authentication

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

Volume mount authentication

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links