Methods, systems, and devices for detecting and isolating device posing security threat

US 9,537,882 B2
Filed: 12/19/2014
Issued: 01/03/2017
Est. Priority Date: 12/19/2014
Status: Active Grant

First Claim

Patent Images

1. An apparatus for detecting a security threat, the apparatus comprising:

a first input/output (I/O) interface and a second I/O interface;

a memory device that stores a set of instructions; and

a processor configured to execute the set of instructions to;

detect that a first device is coupled with the first I/O interface;

responsive to the detection that the first device is coupled with the first I/O interface, temporarily disable data communication between the first and second I/O interfaces;

acquire a file from the detected first device via the first I/O interface;

monitor for a request to communicate data to the second I/O interface;

if the request to communicate data to the second I/O interface is detected, determine that the first device poses a security threat;

responsive to a determination that the acquired file does not pose a security threat, enable the data communication between the first and second I/O interfaces.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for detecting a security threat. The methods and systems comprise detecting that a first device is coupled with the first I/O interface, responsive to the detection that the first device is coupled with the first I/O interface, temporarily disabling data communication between the first and second I/O interfaces, acquiring a file from the detected first device via the first I/O interface, determining whether the acquired file poses a security threat, and responsive to a determination that the acquired file does not pose a security threat, enabling the data communication between the first and second I/O interfaces.

Citations

17 Claims

1. An apparatus for detecting a security threat, the apparatus comprising:
- a first input/output (I/O) interface and a second I/O interface;
  
  a memory device that stores a set of instructions; and
  
  a processor configured to execute the set of instructions to;
  
  detect that a first device is coupled with the first I/O interface;
  
  responsive to the detection that the first device is coupled with the first I/O interface, temporarily disable data communication between the first and second I/O interfaces;
  
  acquire a file from the detected first device via the first I/O interface;
  
  monitor for a request to communicate data to the second I/O interface;
  
  if the request to communicate data to the second I/O interface is detected, determine that the first device poses a security threat;
  
  responsive to a determination that the acquired file does not pose a security threat, enable the data communication between the first and second I/O interfaces.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the processor is further configured to execute the set of instructions to:
    - detect that a second device is coupled with the second I/O interface;
      
      determine whether the detected second device sends data to the apparatus via the second I/O interface before the data communication is enabled between the first and second I/O interfaces; and
      
      responsive to a determination that the detected second device sends data to the apparatus via the second I/O interface before the data communication is enabled between the first and second I/O interfaces, determine that the second device poses a security threat.
  - 3. The apparatus of claim 1, wherein the processor is further configured to execute the set of instructions to:
    - store first configuration data for determining whether the acquired file poses a security threat, the first configuration data being associated with a first timestamp;
      
      based on the first timestamp, determine whether the first configuration data is up-to-date; and
      
      responsive to a determination that the first configuration data is not up-to-date, acquire second configuration data associated with a second timestamp, the second configuration data being acquired to replace the first configuration data.
  - 4. The apparatus of claim 3, wherein at least one of the first and second configuration data includes attributes of one or more computer viruses and malwares.
  - 5. The apparatus of claim 1, wherein the processor is further configured to execute the set of instructions to:
    - acquire information about a directory structure of one or more files stored in the first device;
      
      determine whether all the files stored in the first device have been acquired, based on the acquired information about the directory structure; and
      
      responsive to a determination that all the files stored in the first device have been acquired, and that none of the acquired files poses a security threat, enable the data communication between the first and second I/O interfaces.
  - 6. The apparatus of claim 1, further comprising a first connector and a second connector, the first connector and the second connector being coupled with the first I/O interface and with the second I/O interface respectively.
  - 7. The apparatus of claim 1, further comprising one or more output devices to indicate that the apparatus enables the data communication between the first and second I/O interfaces, and/or to indicate that a device coupled with the first or the second I/O interfaces poses a security threat.

8. A computer-implemented method of detecting a security threat, comprising:
- detecting that a first device is coupled with a first input/output (I/O) interface;
  
  responsive to detecting that the first device is coupled with the first I/O interface, temporarily disabling data communication between the first I/O interface and a second I/O interface;
  
  acquiring a file from the detected first device via the first I/O interface;
  
  monitoring for a request to communicate data to the second I/O interface;
  
  if the request to communicate data to the second I/O interface is detected, determine that the first device poses a security threat;
  
  responsive to determining that the acquired file does not pose a security threat, enabling the data communication between the first and second I/O interfaces.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further comprising:
    - detecting that a second device is coupled with the second I/O interface;
      
      determining whether the detected second device sends data to the second I/O interface before the data communication is enabled between the first and second I/O interfaces; and
      
      responsive to determining that the detected second device sends data to the second I/O interface before data communication is enabled between the first and second I/O interfaces, determining that the second device poses a security threat.
  - 10. The method of claim 8, further comprising:
    - storing first configuration data for determining that the acquired file poses a security threat, the first configuration data being associated with a first timestamp;
      
      based on the first timestamp, determining whether the first configuration data is up-to-date; and
      
      responsive to determining that the first configuration data is not up-to-date, acquiring second configuration data associated with a second timestamp, the second configuration data being acquired to replace the first configuration data.
  - 11. The method of claim 10, wherein at least one of the first and second configuration data includes attributes of one or more computer viruses and malwares.
  - 12. The method of claim 8, further comprising:
    - acquiring information about a directory structure of one or more files stored in the first device;
      
      determining whether all the files stored in the first device have been acquired, based on the acquired information about the directory structure; and
      
      responsive to determining that all the files stored in the first device have been acquired, and that none of the acquired files poses a security threat, enabling data communication between the first and second I/O interfaces.

13. A non-transitory computer readable medium that stores a set of instructions that are executable by at least one processor of an electronic device to cause the electronic device to perform a method of detecting a security threat, the method comprising:
- detecting that a first device is coupled with a first input/output (I/O) interface;
  
  responsive to detecting that the first device is coupled with the first I/O interface, temporarily disabling data communication between the first I/O interface and a second I/O interface;
  
  acquiring a file from the detected first device via the first I/O interface;
  
  monitoring for a request to communicate data to the second I/O interface;
  
  if the request to communicate data to the second I/O interface is detected, determine that the first device poses a security threat;
  
  andresponsive to determining that the acquired file does not pose a security threat, enabling the data communication between the first and second I/O interfaces.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The non-transitory computer readable medium of claim 13, wherein the method further comprises:
    - detecting that a second device is coupled with the second I/O interface;
      
      determining whether the detected second device sends data to the second I/O interface before the data communication is enabled between the first and second I/O interfaces; and
      
      responsive to determining that the detected second device sends data to the second I/O interface before the data communication is enabled between the first and second I/O interfaces, determining that the second device poses a security threat.
  - 15. The non-transitory computer readable medium of claim 13, wherein the method further comprises:
    - storing first configuration data for determining that the acquired file poses a security threat, the first configuration data being associated with a first timestamp;
      
      based on the first timestamp, determining whether the first configuration data is up-to-date; and
      
      responsive to determining that the first configuration data is not up-to-date, acquiring second configuration data associated with a second timestamp, the second configuration data being acquired to replace the first configuration data.
  - 16. The non-transitory computer readable medium of claim 15, wherein at least one of the first and second configuration data includes attributes of one or more computer viruses and malwares.
  - 17. The non-transitory computer readable medium of claim 13, wherein the method further comprises:
    - acquiring information about a directory structure of one or more files stored in the first device;
      
      determining whether all the files stored in the first device have been acquired, based on the acquired information about the directory structure; and
      
      responsive to determining that all the files stored in the first device have been acquired, and that none of the acquired files poses a security threat, enabling the data communication between the first and second I/O interfaces.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Federal Express Corporation (FedEx Corporation)
Original Assignee
Fedex Corporation Services Incorporated
Inventors
Patteson, Christopher Perry, Maier, Edward Michael, Mings, Michael Jesse
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
COHEN, HARVEY I

Application Number

US14/577,405
Publication Number

US 20160182554A1
Time in Patent Office

746 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/1433   Vulnerability analysis

H04L 63/1441   Countermeasures against mal...

Methods, systems, and devices for detecting and isolating device posing security threat

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems, and devices for detecting and isolating device posing security threat

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links