Apparatus and method for locking and unlocking removable media for use inside and outside protected systems

US10614219B2 · US · B2

Patent metadata
Publication number: US-10614219-B2
Application number: US-201715469767-A
Country: US
Kind code: B2
Filing date: Mar 27, 2017
Priority date: Jun 3, 2016
Publication date: Apr 7, 2020
Grant date: Apr 7, 2020

Abstract

Official abstract text for this publication.

A method includes detecting a storage device and performing a check-in process for the storage device. The check-in process includes scanning the storage device to identify any malware contained on the storage device, digitally signing one or more clean files on the storage device, and modifying a file system of the storage device. The method may also include performing a check-out process for the storage device, where the check-out process includes restoring the file system of the storage device. The file system of the storage device can be modified during the check-in process so that one or more protected nodes within a protected system are able to recognize the modified file system of the storage device and nodes outside of the protected system cannot recognize the modified file system of the storage device.
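The file-verification part of the check-in process (which claim 1 below spells out as comparing a current hash of each file with a prior hash stored on the device) can be sketched as follows. This is an added example, not code from the patent or its assignee. Assumptions: the manifest file name, SHA-256 as the hash, and an HMAC under a key held only inside the protected system standing in for the digital signature; malware scanning itself is out of scope.

```python
import hashlib, hmac, json
from pathlib import Path

MANIFEST = ".checkin_manifest.json"  # hypothetical name; the patent names no file

def file_hash(path):
    """SHA-256 of a file, read in chunks so large media files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest_mac(key, hashes):
    """HMAC over canonical JSON of the hash table (assumed stand-in for a signature)."""
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def device_files(root):
    """Relative paths of all files on the device, excluding the manifest itself."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name != MANIFEST)

def record_clean(root, key, clean_names):
    """Store the 'prior hash' of each file a scanner (out of scope) judged clean."""
    hashes = {n: file_hash(Path(root) / n) for n in clean_names}
    doc = {"hashes": hashes, "mac": manifest_mac(key, hashes)}
    (Path(root) / MANIFEST).write_text(json.dumps(doc))

def verify_device(root, key):
    """Return (allowed, blocked): a file is allowed only if its current hash
    matches the prior hash in an authentic manifest. Fails closed otherwise."""
    names = device_files(root)
    try:
        doc = json.loads((Path(root) / MANIFEST).read_text())
        hashes, mac = doc["hashes"], doc["mac"]
        ok = isinstance(hashes, dict) and hmac.compare_digest(mac, manifest_mac(key, hashes))
    except (OSError, ValueError, KeyError, TypeError):
        ok = False
    if not ok:                       # missing, malformed or forged manifest
        return [], names
    allowed = [n for n in names if hashes.get(n) == file_hash(Path(root) / n)]
    return allowed, [n for n in names if n not in allowed]
```

Because the prior hashes live on the removable device itself, the comparison is only meaningful if the manifest is authenticated; without the MAC check, anyone who modifies a file could rewrite its stored hash to match.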

First claim

Opening claim text (preview).

What is claimed is:

1. An apparatus for locking and unlocking removable media for use in a protected system, the apparatus comprising: at least one interface configured to be coupled to a removable storage device; and at least one processing device configured to: detect the removable storage device; and perform a check-in process for the removable storage device, wherein, to perform the check-in process, the at least one processing device is configured to: scan the storage device to identify any malware contained on the removable storage device; calculate a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device; verify whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device; lock a file system of the removable storage device by modifying the file system of the removable storage device such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device; allow the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and perform a check-out process for the removable storage device, wherein, to perform the check-out process, the at least one processing device is configured to restore the file system so that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.

2. The apparatus of claim 1, wherein the at least one processing device is configured to: create a backup of contents of the removable storage device during the check-in process; and restore the contents to the removable storage device in response to a request for restoration of the removable storage device from a user.

3. The apparatus of claim 1, wherein the at least one processing device is configured to: detect that a determination cannot be made whether a specified file on the removable storage device is clean or definitively contains malware; provide at least part of the specified file to an external system for analysis; and receive from the external system an indication whether the specified file is clean or contains malware.

4. The apparatus of claim 1, wherein the at least one processing device is configured to: determine a type of the removable storage device during the check-in process; determine whether the type of the removable storage device is allowed in the protected system during the check-in process; and block usage of the removable storage device in the protected system in response to determining that the type of the removable storage device is not allowed in the protected system.

5. The apparatus of claim 1, wherein the at least one processing device is configured to encrypt one or more components of the file system in order to modify the file system of the removable storage device.

6. The apparatus of claim 1, wherein the check-in processes further comprises encrypting the one or more clean files, and the checkout process further comprises decrypting the one or more clean files.

7. A method comprising: detecting a removable storage device; and performing a check-in process for the removable storage device, wherein the check-in process comprises: scanning the removable storage device to identify any malware contained on the removable storage device; calculating a current hash value using a hash generation algorithm for each of one or more files stored on the removable storage device; verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device; locking a file system of the removable storage device by modifying the file system of the removable storage device including altering at least part of the file system using a certificate or private key, wherein the file system is modified such that (i) one or more protected nodes within a protected system are able to recognize the modified file system of the removable storage device and (ii) nodes outside of the protected system cannot recognize the modified file system of the removable storage device; allowing one or more protected nodes within the protected system to access the files that are verified to be clean while blocking access to the files that are not verified to be clean; and performing a check-out processor for the removable storage device, wherein the check-out process comprises: restoring the file system such that (i) the one or more protected nodes within the protected system cannot recognize the restored file system of the removable storage device and (ii) the nodes outside of the protected system are able to recognize the restored file system of the removable storage device.

8. The method of claim 7, further comprising: creating a backup of contents of the removable storage device during the check-in process; and restoring the contents to the removable storage device in response to a request for restoration of the removable storage device from a user.

9. The method of claim 7, wherein the check-in process comprises: detecting that a determination cannot be made whether a specified file on the removable storage device is clean or definitively contains malware; providing at least part of the specified file to an external system for analysis; and receiving from the external system an indication whether the specified file is clean or contains malware.

10. The method of claim 7, wherein the check-in process comprises: determining a type of the removable storage device during the check-in process; determining whether the type of the removable storage device is allowed in the protected system during the check-in process; and blocking usage of the removable storage device in the protected system in response to determining that the type of the removable storage device is not allowed in the protected system.

11. The method of claim 7, wherein the check-in process comprises digitally signing the removable storage device itself.

12. The method of claim 7, wherein the check-in processes further comprises encrypting the one or more clean files.

13. A non-transitory computer readable medium containing instructions that, when executed by at least one processing device, cause the at least one processing device to: detect a removable storage device; and perform a check-in process for the removable storage device, wherein the check-in process comprises: scanning the removable storage device to identify any malware contained on the removable storage device; calculating a current hash value using a hash generation algorithm for each of the or more files; verifying whether each of the one or more files stored on the removable storage device is clean by verifying that the current hash value calculated for the corresponding file matches a prior hash value calculated for the corresponding file, the prior hash value stored on the removable storage device; locking a

Classifications

  • during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow}

  • Using snapshots, i.e. a logical point-in-time copy of the data

  • eliminating virus, restoring damaged files

  • the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

  • to a system of files or objects, e.g. local or distributed file system or database

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10614219B2 cover?
A method includes detecting a storage device and performing a check-in process for the storage device. The check-in process includes scanning the storage device to identify any malware contained on the storage device, digitally signing one or more clean files on the storage device, and modifying a file system of the storage device. The method may also include performing a check-out process for …
Who is the assignee on this patent?
Honeywell Int Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/565. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 7, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).