Method and system for controlling communication ports

US 8,566,924 B2
Filed: 08/12/2011
Issued: 10/22/2013
Est. Priority Date: 07/19/2006
Status: Active Grant

First Claim

Patent Images

1. A memory device having instructions stored thereon that, in response to execution by a processing device, cause the processing device to perform operations comprising:

detecting a coupling of a peripheral to an input/output interface of a host;

in response to detecting the coupling, identifying a device type of the peripheral;

determining whether the identified device type is authorized; and

preventing the peripheral from performing at least one function in accordance with a security policy in response to determining that the identified device type is not authorized.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for limiting devices and controlling the applications executed from USB ports on personal computers (PCs). More specifically, the present invention relates to a method for ensuring that only authorized devices and applications are accessed from USB ports using software and configuration files on the PC. Using the software application stored on the PC storage device in conjunction with functionality performed by a designed security file server, the use of USB applications and devices is limited to authorized applications and devices.

120 Citations

22 Claims

1. A memory device having instructions stored thereon that, in response to execution by a processing device, cause the processing device to perform operations comprising:
- detecting a coupling of a peripheral to an input/output interface of a host;
  
  in response to detecting the coupling, identifying a device type of the peripheral;
  
  determining whether the identified device type is authorized; and
  
  preventing the peripheral from performing at least one function in accordance with a security policy in response to determining that the identified device type is not authorized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The memory device of claim 1, wherein the operations further comprise allowing the peripheral to perform the at least one function in accordance with the security policy in response to determining that the identified device type is authorized.
  - 3. The memory device of claim 1, wherein the input/output interface comprises a Universal Serial Bus (USB) interface.
  - 4. The memory device of claim 1, wherein the operations further comprise:
    - in response to detecting the coupling, identifying data corresponding to a file or executable program stored on the peripheral;
      
      determining whether the corresponding file or executable program is authorized; and
      
      denying access to the identified data over the input/output interface in response to determining that the corresponding file or executable program is not authorized.
  - 5. The memory device of claim 4, wherein determining whether the corresponding file or executable program is authorized is in response to determining that the identified device type is authorized.
  - 6. The memory device of claim 4, wherein the operations further comprise allowing access to the identified data over the input/output interface in response to determining that the file or executable program is authorized.
  - 7. The memory device of claim 1, wherein the operations further comprise downloading a configuration file stored on a remote network device.
  - 8. The memory device of claim 7, wherein determining whether the identified device type is authorized comprises comparing the identified device type to a list of device types indicated by the downloaded configuration file.
  - 9. The memory device of claim 7, wherein the operations further comprise periodically communicating with the remote network device after downloading the configuration file to check for an update corresponding to the downloaded configuration file.
  - 10. The memory device of claim 1, wherein the identified device type comprises at least one selected from a group including a printer device type, a camera device type, a scanner device type, and a non-volatile storage device type.

11. A machine-implemented method, comprising:
- detecting a coupling of a peripheral to an input/output interface of a host;
  
  in response to detecting the coupling, identifying a device type of the peripheral;
  
  determining whether the identified device type is authorized; and
  
  preventing the peripheral from performing at least one function in accordance with a security policy in response to determining that the identified device type is not authorized, wherein preventing the peripheral from performing the at least one function in accordance with the security policy comprises changing a configuration stored in a memory of the host.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The machine-implemented method of claim 11, further comprising allowing the peripheral to perform the at least one function in accordance with the security policy in response to determining that the identified device type is authorized.
  - 13. The machine-implemented method of claim 11, wherein the input/output interface comprises a Universal Serial Bus (USB) interface.
  - 14. The machine-implemented method of claim 11, further comprising:
    - in response to detecting the coupling, identifying data corresponding to a file or executable program stored on the peripheral;
      
      determining whether the corresponding file or executable program is authorized; and
      
      denying access to the identified data over the input/output interface in response to determining that the file or executable program is not authorized.
  - 15. The machine-implemented method of claim 14, wherein determining whether the corresponding file or executable program is authorized is in response to determining that the identified device type is authorized.
  - 16. The machine-implemented method of claim 14, further comprising allowing access to the identified data over the input/output interface in response to determining that the file or executable program is authorized.
  - 17. The machine-implemented method of claim 11, further comprising downloading a configuration file over a network.
  - 18. The machine-implemented method of claim 17, wherein determining whether the identified device type is authorized comprises comparing the identified device type to a list of device types indicated by the downloaded configuration file.
  - 19. The machine-implemented method of claim 17, further comprising periodically communicating over the network after downloading the configuration file to check for an update corresponding to the downloaded configuration file.
  - 20. The machine-implemented method of claim 11, wherein the identified device type comprises at least one selected from a group including a printer device type, a camera device type, a scanner device type, and a non-volatile storage device type.

21. An apparatus, comprising:
- means for detecting a coupling of a peripheral to an input/output interface of a host;
  
  means for identifying a device type of the peripheral in response to detecting the coupling;
  
  means for determining whether the identified device type is authorized; and
  
  means for preventing the peripheral from performing at least one function in accordance with a security policy in response to determining that the identified device type is not authorized.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, wherein the input/output interface comprises a Universal Serial Bus (USB) interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OL Security LLC (Intellectual Ventures LLC)
Original Assignee
Six Circle Limited Liability Company (Intellectual Ventures LLC)
Inventors
Bacastow, Steven V.
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US13/208,660
Publication Number

US 20110302568A1
Time in Patent Office

802 Days
Field of Search

None
US Class Current

726/20
CPC Class Codes

G06F 21/85 interconnection devices, e....

Method and system for controlling communication ports

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling communication ports

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links