ARCHITECTURE FOR REMOVABLE MEDIA USB-ARM

US 20130291112A1
Filed: 04/25/2013
Published: 10/31/2013
Est. Priority Date: 04/27/2012
Status: Active Grant

First Claim

Patent Images

1. A method for secure access to storage media, the method comprising the steps of:

in a computing system including one or both of an operating system and application software, the computing system being communicatively coupled to a storage device having stored information;

blocking all access to the storage device except for granting exclusive access to the storage device to a first anti-virus engine and directing the first anti-virus engine to scan the information stored on the communicatively coupled storage device for malicious software;

receiving results from the first anti-virus engine; and

presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device is coupled to a computing system comprising an operating system and application software. Access to the storage device is blocked by a kernel filter driver, except exclusive access is granted to a first anti-virus engine. The first anti-virus engine is directed to scan the storage device for malicious software and report results. Exclusive access may be granted to one or more other anti-virus engines and they may be directed to scan the storage device and report results. Approval of all or a portion of the information on the storage device is based on the results from the first anti-virus engine and the other anti-virus engines. The storage device is presented to the operating system and access is granted to the approved information. The operating system may be a Microsoft Windows operating system. The kernel filter driver and usage of anti-virus engines may be configurable by a user.

Citations

21 Claims

1. A method for secure access to storage media, the method comprising the steps of:
- in a computing system including one or both of an operating system and application software, the computing system being communicatively coupled to a storage device having stored information;
  
  blocking all access to the storage device except for granting exclusive access to the storage device to a first anti-virus engine and directing the first anti-virus engine to scan the information stored on the communicatively coupled storage device for malicious software;
  
  receiving results from the first anti-virus engine; and
  
  presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - granting exclusive access to the storage device, to one or more other anti-virus engines that are different than the first ant-virus engine and directing the one or more other anti-virus engines to scan the information stored on the communicatively coupled storage device for malicious software, wherein the exclusive access to the storage device is granted to the one or more other anti-virus engines, one at a time;
      
      receiving results from the one or more other anti-virus engines; and
      
      determining whether all or a portion of the information stored on the storage device is approved or disapproved based on the results from the first anti-virus engine and results from the one or more other anti-virus engines prior to the presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
  - 3. The method of claim 2, wherein a kernel filter driver of the operating system performs one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 4. The method of claim 3, wherein one or more ofthe kernel filter driver;
    - the first anti-virus engine; and
      
      the one or more other anti-virus engines,are configurable by a user.
  - 5. The method of claim 2, wherein a device connected between the computing system and the storage device comprising stored information, controls one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 6. The method of claim 1, further comprising, determining that all or a portion of the information stored on the storage device is disapproved in instances when the information stored on the storage device comprises one or both of malicious software and executable software.
  - 7. The method of claim 1, wherein at least the first anti-virus engine resides on the computing system or resides on a separate computing system communicatively coupled to the computing system by a network.

8. A system for secure access to storage media, the system comprising one or more circuits or processors, said one or more circuits or processors being operable to:
- in a computing system including one or both of an operating system and application software, the computing system being communicatively coupled to a storage device having stored information;
  
  block all access to the storage device except grant exclusive access to the storage device to a first anti-virus engine and direct the first anti-virus engine to scan the information stored on the communicatively coupled storage device for malicious software;
  
  receive results from the first anti-virus engine; and
  
  present the storage device to the operating system and enable the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein said one or more processors or circuits are operable to:
    - grant exclusive access to the storage device, to one or more other anti-virus engines that are different than the first anti-virus engine and direct the one or more other anti-virus engines to scan the information stored on the communicatively coupled storage device for malicious software, wherein the exclusive access to the storage device is granted to the one or more other anti-virus engines, one at a time;
      
      receive results from the one or more other anti-virus engines; and
      
      determine whether all or a portion of the information stored on the storage device is approved or disapproved based on the results from the first anti-virus engine and results from the one or more other anti-virus engines prior to the presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
  - 10. The system of claim 9, wherein a kernel filter driver of the operating system performs one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 11. The system of claim 10, wherein one or more of:
    - the kernel filter driver;
      
      the first anti-virus engine; and
      
      the one or more other anti-virus engines,are configurable by a user.
  - 12. The system of claim 9, wherein a device connected between the computing system and the storage device comprising stored information, controls one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 13. The system of claim 8, further comprising, determining that all or a portion of the information stored on the storage device is disapproved in instances when the information stored on the storage device comprises one or both of malicious software and executable software.
  - 14. The system of claim 8, wherein at least the first anti-virus engine resides on the computing system or resides on a separate computing system communicatively coupled to the computing system by a network.

15. A non-transitory computer readable medium having stored thereon one or more instructions for secure access to storage media, the one or more instructions executable by one or more processors to cause the one or more processors to perform steps comprising:
- in a computing system including one or both of an operating system and application software, the computing system being communicatively coupled to a storage device having stored information;
  
  blocking all access to the storage device except granting exclusive access to the storage device, to a first anti-virus engine and directing the first anti-virus engine to scan the information stored on the communicatively coupled storage device for malicious software;
  
  receiving results from the first anti-virus engine; and
  
  presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15 further comprising:
    - blocking all access to the storage device except granting exclusive access to the storage device to one or more other anti-virus engines that are different from the first anti-virus engine and directing the one or more other anti-virus engines to scan the information stored on the communicatively coupled storage device for malicious software, wherein the exclusive access to the storage device is granted to the one or more other anti-virus engines, one at a time;
      
      receiving results from the one or more other anti-virus engines; and
      
      determining whether all or a portion of the information stored on the storage device is approved or disapproved based on the results from the first anti-virus engine and results from the one or more other anti-virus engines prior to the presenting the storage device to the operating system and enabling the operating system to access approved information stored on the storage device in instances when all or a portion of the stored information is approved.
  - 17. The non-transitory computer readable medium of claim 16, wherein a kernel filter driver of the operating system performs one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 18. The non-transitory computer readable medium of claim 17, wherein one or more of:
    - the kernel filter driver;
      
      the first anti-virus engine; and
      
      the one or more other anti-virus engines,are configurable by a user.
  - 19. The non-transitory computer readable medium of claim 16, wherein a device connected between the computing system and the storage device comprising stored information, controls one or more of the blocking, the granting exclusive access, the directing, the receiving, the determining, the presenting and the enabling, relative to the scanning of information stored on the communicatively coupled storage device, by the first anti-virus engine or by the one or more other anti-virus engines.
  - 20. The non-transitory computer readable medium of claim 15 further comprising, determining that all or a portion of the information stored on the storage device is disapproved in instances when the information stored on the storage device comprises one or both of malicious software and executable software.
  - 21. The non-transitory computer readable medium of claim 15, wherein at least the first anti-virus engine resides on the computing system or resides on a separate computing system communicatively coupled to the computing system by a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
UT-Battelle LLC
Original Assignee
UT-Battelle LLC
Inventors
Shue, Craig A., Lamb, Logan M., Paul, Nathanael R.

Granted Patent

US 9,081,960 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/561 Virus type analysis

G06F 21/562 Static detection

ARCHITECTURE FOR REMOVABLE MEDIA USB-ARM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

ARCHITECTURE FOR REMOVABLE MEDIA USB-ARM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links