System and method for providing data and device security between external and host devices

US 10,313,368 B2
Filed: 06/28/2017
Issued: 06/04/2019
Est. Priority Date: 12/13/2005
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an external device configured to store and retrieve data in response to approved data transfer requests, the external device including an external device communication interface;

a security device including a security engine and security policies, the security policies including data privacy policies, the security device further including at least one security device hardware processor configured to execute the security engine to evaluate redirected data transfer requests involving the external device against the security policies including against the data privacy policies, the security policies indicating an approvable data transfer request or indicating a disapprovable data transfer request, the security engine configured to assist in determining whether to approve or whether to disapprove each of the redirected data transfer requests based on the evaluation of the redirected data transfer requests against the security policies including against the data privacy policies, the security device including a security device connection interface, the security device configured to use the at least one security device hardware processor to;

receive a particular redirected data transfer request;

evaluate, using the security engine, the particular redirected data transfer request against the security policies including against the data privacy policies to determine whether to approve or whether to disapprove the particular redirected data transfer request; and

generate, using the security engine, a particular approval or a particular disapproval based on the evaluation of the particular redirected data transfer request; and

a host device including at least one host device hardware processor, a first host communication interface and a second host communication interface, the first host communication interface being communicatively coupled to the external device communication interface to enable data communications between the host device and the external device, the second host communication interface being communicatively coupled to the security device communication interface to enable data communications between the host device and the security device, the host device further including a redirection driver configured to automatically redirect received data transfer requests to the security device, the host device configured to use the at least one host device hardware processor to;

receive a particular data transfer request;

use the redirection driver to automatically redirect the particular data transfer request to the security device as the particular redirected data transfer request;

receive the particular approval or the particular disapproval from the security device; and

initiate performance of the particular data transfer request when the particular approval is received or when the particular disapproval is not received.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure data exchange system comprising a security device including a first external device plug, and a security engine operative to enforce a security policy on data transfer requests received from the host; an external device including a second external device plug; and a host including a first external device port operative to communicatively couple with the first external device plug, a second external device port operative to communicatively couple with the second external device plug, and a driver, e.g., a redirect driver, operative to transfer a data transfer request to the security device before executing the data transfer request.

156 Citations

20 Claims

1. A system comprising:
- an external device configured to store and retrieve data in response to approved data transfer requests, the external device including an external device communication interface;
  
  a security device including a security engine and security policies, the security policies including data privacy policies, the security device further including at least one security device hardware processor configured to execute the security engine to evaluate redirected data transfer requests involving the external device against the security policies including against the data privacy policies, the security policies indicating an approvable data transfer request or indicating a disapprovable data transfer request, the security engine configured to assist in determining whether to approve or whether to disapprove each of the redirected data transfer requests based on the evaluation of the redirected data transfer requests against the security policies including against the data privacy policies, the security device including a security device connection interface, the security device configured to use the at least one security device hardware processor to;
  
  receive a particular redirected data transfer request;
  
  evaluate, using the security engine, the particular redirected data transfer request against the security policies including against the data privacy policies to determine whether to approve or whether to disapprove the particular redirected data transfer request; and
  
  generate, using the security engine, a particular approval or a particular disapproval based on the evaluation of the particular redirected data transfer request; and
  
  a host device including at least one host device hardware processor, a first host communication interface and a second host communication interface, the first host communication interface being communicatively coupled to the external device communication interface to enable data communications between the host device and the external device, the second host communication interface being communicatively coupled to the security device communication interface to enable data communications between the host device and the security device, the host device further including a redirection driver configured to automatically redirect received data transfer requests to the security device, the host device configured to use the at least one host device hardware processor to;
  
  receive a particular data transfer request;
  
  use the redirection driver to automatically redirect the particular data transfer request to the security device as the particular redirected data transfer request;
  
  receive the particular approval or the particular disapproval from the security device; and
  
  initiate performance of the particular data transfer request when the particular approval is received or when the particular disapproval is not received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein each of the external device communication interface and the first host communication interface includes an Ethernet interface.
  - 3. The system of claim 1, wherein each of the security device communication interface and the second host communication interface includes an Ethernet interface.
  - 4. The system of claim 1, wherein the security engine is further configured to evaluate particular data involved in the particular data transfer request for malicious or potentially malicious code.
  - 5. The system of claim 1, wherein the security engine is further configured to evaluate the particular data transfer request based on a data type of particular data involved in the particular data transfer request.
  - 6. The system of claim 5, wherein the security engine is further configured to deny the particular data transfer request when the particular data involved in the particular data transfer request is of a particular data type.
  - 7. The system of claim 5, wherein the security engine is further configured to request an additional security measure when the particular data involved in the particular data transfer request is of a particular data type.
  - 8. The system of claim 7, wherein the additional security measure includes a request for a password and an identifier.
  - 9. The system of claim 1, wherein the security engine applies weighting factors based on a data source of particular data involved in the particular data transfer request.
  - 10. The system of claim 1, wherein the security engine is further configured to deny the particular data transfer request when the particular data involved in the particular data transfer request is stored in a protected folder.

11. A method comprising:
- receiving a particular data transfer request by a host device, the particular data transfer request including a request to transfer particular data to or from an external data storage device, the external data storage device including an external device communication interface, the host device including a first host communication interface and a second host communication interface, the first host communication interface being communicatively coupled to the external device communication interface to enable data communications between the host device and the external data storage device, the host device further including a redirection driver configured to automatically redirect received data transfer requests including the particular data transfer request to a security device;
  
  using the redirection driver to automatically redirect the particular data transfer request from the host device to the security device as a redirected data transfer request, the security device including a security engine and security policies, the security policies including data privacy policies, the security policies indicating an approvable data transfer request or indicating a disapprovable data transfer request, the security device configured to evaluate data transfer requests involving the external data storage device against the security policies including against the data privacy policies, the security engine configured to assist in determining whether to approve or whether to disapprove each of the data transfer requests including the redirected data transfer request based on the evaluation of each of the data transfer requests against the security policies including against the data privacy policies, the security device including a security device connection interface communicatively coupled to the second host communication interface to enable data communications between the host device and the security device;
  
  using the security engine to evaluate the redirected data transfer request against the security policies including against the data privacy policies to determine whether to approve or whether to disapprove the redirected data transfer request;
  
  using the security engine to generate a particular approval or a particular disapproval based on the evaluation of the redirected data transfer request; and
  
  initiating performance of the particular data transfer request when the particular approval is received or when the particular disapproval is not received.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein each of the external data storage device communication interface and the first host communication interface includes an Ethernet interface.
  - 13. The method of claim 11, wherein each of the security device communication interface and the second host communication interface includes an Ethernet interface.
  - 14. The method of claim 11, further comprising using the security engine to evaluate the particular data involved in the particular data transfer request for malicious or potentially malicious code.
  - 15. The method of claim 11, further comprising using the security engine to evaluate the particular data transfer request based on a data type of the particular data involved in the particular data transfer request.
  - 16. The method of claim 15, further comprising using the security engine to deny the particular data transfer request when the particular data involved in the particular data transfer request is of a particular data type.
  - 17. The method of claim 15, further comprising using the security engine to request an additional security measure when the particular data involved in the particular data transfer request is of a particular data type.
  - 18. The method of claim 17, wherein the additional security measure includes a request for a password and an identifier.
  - 19. The method of claim 11, further comprising using the security engine to apply weighting factors based on a data source of the particular data involved in the particular data transfer request.
  - 20. The method of claim 11, further comprising using the security engine to deny the particular data transfer request when the particular data involved in the particular data transfer request is stored in a protected folder.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo
Primary Examiner(s)
King, John B

Application Number

US15/636,578
Publication Number

US 20180145994A1
Time in Patent Office

706 Days
Field of Search
US Class Current
CPC Class Codes

G06F 13/385   for adaptation of a particu...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/562   Static detection

G06F 21/71   to assure secure computing ...

G06F 21/85   interconnection devices, e....

H04L 63/1416   Event detection, e.g. attac...

System and method for providing data and device security between external and host devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

156 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing data and device security between external and host devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

156 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links