Secure access to encrypted information

US 8,739,305 B2
Filed: 06/30/2008
Issued: 05/27/2014
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method of using a mini filter driver which is part of a file system manager in a self-service terminal to secure access to encrypted information stored on a removable storage device inserted in a port terminal to the self-service terminal by an authorized client, the method comprising:

registering the mini filter driver with the file system filter manager, wherein the mini filter driver is stored in kernel mode, and comprises a list of authorized clients and decryption technology;

receiving by the mini filter driver a request to read information from the removable storage device;

ascertaining by the mini filter driver if the request originates from an authorized client on the list of authorized clients;

receiving encrypted information read from the removable storage device;

decrypting the encrypted information read by the file manager by the mini filter driver in response to a request originated from an authorized client on said list, wherein the authorized client request makes the request via a management application registered with the mini filter driver as an authorized application; and

conveying the decrypted information to the authorized client.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of using a mini filter driver to secure access to encrypted information stored on a removable storage device. The method comprises receiving a request to read information from the removable storage device. The mini filter driver ascertains if the request originated from an authorized client. The mini filter driver receives encrypted information read from the removable storage device, and decrypts the encrypted information in the event that the request originated from an authorized client. The decrypted information can then be conveyed to the authorized client. If the client is not authorized, then the mini filter driver does not decrypt the information.

10 Citations

20 Claims

1. A method of using a mini filter driver which is part of a file system manager in a self-service terminal to secure access to encrypted information stored on a removable storage device inserted in a port terminal to the self-service terminal by an authorized client, the method comprising:
- registering the mini filter driver with the file system filter manager, wherein the mini filter driver is stored in kernel mode, and comprises a list of authorized clients and decryption technology;
  
  receiving by the mini filter driver a request to read information from the removable storage device;
  
  ascertaining by the mini filter driver if the request originates from an authorized client on the list of authorized clients;
  
  receiving encrypted information read from the removable storage device;
  
  decrypting the encrypted information read by the file manager by the mini filter driver in response to a request originated from an authorized client on said list, wherein the authorized client request makes the request via a management application registered with the mini filter driver as an authorized application; and
  
  conveying the decrypted information to the authorized client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method according to claim 1, wherein the request to read information from the removable storage device is relayed via a file system filter manager with which the mini filter driver is registered.
  - 3. A method according to claim 1, wherein ascertaining if the request originates from an authorized client further comprises:
    - requiring a client to send a registration request to the mini filter driver prior to that client sending a request to read information from the removable storage device;
      
      validating the registration request by the mini filter driver;
      
      sending an acknowledgement to that client; and
      
      creating an entry for that client in an authorized client list in the mini filter driver.
  - 4. A method according to claim 1, wherein decrypting the encrypted information in the event that the request originated from an authorized client further comprises using decryption technology stored within the mini filter driver to decrypt the encrypted information.
  - 5. A method according to claim 1, wherein decrypting the encrypted information in the event that the request originated from an authorized client further comprises using decryption technology stored on the removable storage device to decrypt the encrypted information.
  - 6. A method according to claim 5, wherein the method may further comprises removing any portions of the encrypted information that contain the decryption technology prior to sending the encrypted information to an unauthorized client.
  - 7. A method according to claim 1, wherein the method comprises the further step of:
    - conveying the encrypted information to an unauthorized client in the event that the request originated therefrom.
  - 8. A computer memory storing in kernel mode the mini filter driver implementing the steps of claim 1.

9. A file management system to recognize a removable storage device presented to provide maintenance to a self-service terminal, where the removable storage device contains encrypted information relating to maintaining the self-service terminal, the file management system implemented as software stored in a non-transitory computer readable medium, the file management system comprising:
- a storage device driver for reading information from and writing information to a removable storage device in conjunction with a physical device driver;
  
  a file system driver in communication with the storage device driver for organizing files stored on the removable storage device;
  
  a file system filter manager in communication with the file system driver; and
  
  a mini filter driver registered with the file system filter manager, wherein the mini filter driver is stored in kernel mode, the mini filter driver further comprising;
  
  a list of authorized clients to provide maintenance and decryption technology, andwhereby the mini filter driver decrypts the encrypted information read by the file system driver in response to a request from the authorized client,wherein the authorized client makes the request via the management application.
- View Dependent Claims (10, 11)
- - 10. A file management system according to claim 9, wherein the mini filter driver further comprises a volume labels of interest list storing volume labels of removable storage devices known to include encrypted information.
  - 11. A file management system according to claim 9, wherein the mini filter driver further comprises a client authentication component for receiving a code and an identifier from a client.

12. A self-service terminal including a plurality of devices requiring periodic maintenance, the terminal comprising:
- a file system filter manager including a file system driver;
  
  a management application, registered with a mini filter driver as an authorized application, for providing restricted functions accessible only by an authorized client;
  
  a port internal to the self-service terminal for receiving a removable storage device from the authorized client providing maintenance to the self-service terminal, where the removable storage device contains encrypted information relating to maintaining the devices; and
  
  the mini filter driver registered with the file system filter manager, wherein the mini filter driver is stored in kernel mode, the mini filter driver comprising;
  
  a list of authorized clients and decryption technology, andwhereby the mini filter driver decrypts the encrypted information read by the file system driver in response to a request from the authorized client,wherein the authorized client makes the request via the management application.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. A terminal according to claim 12, wherein the self-service terminal includes a cash dispenser.
  - 14. A terminal according to claim 12 further comprising:
    - a controller hub providing a USB interface to a plurality of USB ports.
  - 15. A terminal according to claim 12 further comprising:
    - a controller hub providing an interface to a CD-ROM drive or a DVD drive.
  - 16. A terminal according to claim 12 further comprising:
    - a controller hub providing a disk interface to a disk drive.
  - 17. A terminal according to claim 12 wherein the port comprises a USB port and the authorized user is recognized by detecting:
    - insertion of an access token embodied as a USB memory stick into the USB port; and
      
      entry of a passcode.
  - 18. A terminal according to claim 17 wherein the mini filter driver informs the file system manager the mini filter driver should be notified of all removable storage devices upon coupling of said removable storage devices to the file system, and upon detection of entry of a CD-ROM or DVD by the file system manager, the file system manager informs the mini filter driver.
  - 19. A terminal according to claim 17 wherein upon recognition of an authorized user, a menu option is enabled and displayed on a rear service display.
  - 20. A terminal according to claim 15 wherein the mini filter driver decrypts encrypted file information read from the CD-ROM drive or the DVD drive.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Corporation
Original Assignee
NCR Corporation
Inventors
Cathro, Ian A.
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
ZAIDI, SYED A

Application Number

US12/215,867
Publication Number

US 20090327720A1
Time in Patent Office

2,157 Days
Field of Search

726/29
US Class Current

726/29
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 17/00   Digital computing or data p...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

Secure access to encrypted information

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure access to encrypted information

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others