USB Selective Device Disable

IP.com Disclosure Number: IPCOM000014707D
Original Publication Date: 2000-Dec-23
Included in the Prior Art Database: 2003-Jun-20
Document File: 2 page(s) / 38K

Publishing Venue

IBM

Abstract

In today's secured systems, control over the configuration by the system administrator is an important factor. However, with the addition of USB and the OS support software capable of enumerating externally attached USB devices, the system's capability to maintain the same level of integrity is in doubt. Disclosed is an invention that will give the system administrator the capability to enable or disable externally connected USB devices. The system administrator will be given the capability to disable classes of USB devices in a configuration utility. The administrator will identify those devices which will not be allowed to function if attached to a system USB port, for example removable media devices such as a floppy diskette or a Zip drive. The administrator can protect access to this utility by using the administrator password (privileged access password (PAP)) and placing the system in an enhanced secure mode. Any attempt to invoke the configuration utility will require the user to enter the correct password (PAP). When the administrator is finished identifying disallowed devices, the utility will pass a list of identified device classes to the USB monitoring subsystem described below. When a USB device is attached to a USB port, it is enumerated by the operating system. The device will identify itself and its class type in a data packet during the enumeration procedure. This data packet will be captured by a small monitoring subsystem attached to the USB data signal lines. The subsystem will maintain the list of disallowed devices in its non-volatile memory. The captured packet will be checked against the disallowed list. If the device is present in the list, the packet will be blocked from reaching the controller and the device address will be pulled out of the data packet and stored in the subsystem. Afterwards, any data packet from the device will be blocked from reaching the USB host controller. USB

This is the abbreviated version, containing approximately 69% of the total text.


In today's secured systems, control over the configuration by the system administrator is an important factor. However, with the addition of USB and the OS support software capable of enumerating externally attached USB devices, the system's capability to maintain the same level of integrity is in doubt. Disclosed is an invention that will give the system administrator the capability to enable or disable externally connected USB devices.

The system administrator will be given the capability to disable classes of USB devices in a configuration utility. The administrator will identify those devices which will not be allowed to function if attached to a system USB port, for example removable media devices such as a floppy diskette or a Zip drive. The administrator can protect access to this utility by using the administrator password (privileged access password (PAP)) and placing the system in an enhanced secure mode. Any attempt to invoke the configuration utility will require the user to enter the correct password (PAP). When the administrator is finished identifying disallowed devices, the utility will pass a list of identified device classes to the USB monitoring subsystem described below.

When a USB device is attached to a USB port, it is enumerated by the operating system. The device will identify itself and its class type in a data packet during the enumeration procedure. This data packet will be captured by a small monitoring subsyst...
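
The blocking decision the abstract describes for the monitoring subsystem (check the class seen at enumeration against the disallowed list, remember the device address, then drop everything from that address) can be sketched as follows. This is an added example, not code from the IBM disclosure: the names `usb_monitor` and `monitor_filter` are hypothetical, and it assumes the caller hands over a fully reassembled descriptor reply and flags it with `is_descriptor`. The class codes are read from the standard USB device and interface descriptors.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define MAX_ENTRIES 8
#define USB_DT_DEVICE 1      /* bDeviceClass is at byte offset 4 */
#define USB_DT_INTERFACE 4   /* bInterfaceClass is at byte offset 5 */

typedef struct {
    uint8_t deny_class[MAX_ENTRIES]; size_t n_class;  /* list from the config utility */
    uint8_t blocked_addr[MAX_ENTRIES]; size_t n_addr; /* addresses captured at enumeration */
} usb_monitor;

/* Constructed samples: configuration descriptor followed by one interface descriptor. */
static const uint8_t SAMPLE_MSC_CFG[] = {9,2,18,0,1,1,0,0x80,50, 9,4,0,0,0,0x08,0x06,0x50,0};
static const uint8_t SAMPLE_HID_CFG[] = {9,2,18,0,1,1,0,0xA0,50, 9,4,0,0,0,0x03,0x01,0x01,0};

static int in_list(const uint8_t *l, size_t n, uint8_t v) {
    for (size_t i = 0; i < n; i++) if (l[i] == v) return 1;
    return 0;
}

/* Walk the bLength-chained descriptors; 1 if any declares a disallowed class. */
static int declares_denied_class(const usb_monitor *m, const uint8_t *d, size_t len) {
    for (size_t off = 0; off + 2 <= len; off += d[off]) {
        uint8_t blen = d[off], type = d[off + 1];
        if (blen < 2 || off + blen > len) break;   /* malformed or truncated: stop */
        size_t cls = (type == USB_DT_DEVICE) ? 4 : (type == USB_DT_INTERFACE) ? 5 : 0;
        if (cls && cls < blen && in_list(m->deny_class, m->n_class, d[off + cls])) return 1;
    }
    return 0;
}

/* Returns 1 to pass the packet on to the host controller, 0 to block it. */
int monitor_filter(usb_monitor *m, uint8_t addr, int is_descriptor,
                   const uint8_t *data, size_t len) {
    if (in_list(m->blocked_addr, m->n_addr, addr)) return 0;
    if (!is_descriptor || !declares_denied_class(m, data, len)) return 1;
    /* Address 0 is the shared default address, so it is never recorded. */
    if (addr != 0 && m->n_addr < MAX_ENTRIES) m->blocked_addr[m->n_addr++] = addr;
    return 0;
}

int main(void) {
    usb_monitor m = { .deny_class = {0x08}, .n_class = 1 };  /* 0x08 = mass storage */
    printf("hid=%d ", monitor_filter(&m, 6, 1, SAMPLE_HID_CFG, sizeof SAMPLE_HID_CFG));
    printf("msc=%d ", monitor_filter(&m, 5, 1, SAMPLE_MSC_CFG, sizeof SAMPLE_MSC_CFG));
    printf("later=%d\n", monitor_filter(&m, 5, 0, (const uint8_t *)"\x01", 1));
}
```

Mass storage devices normally declare their class in the interface descriptor rather than the device descriptor, which is why the walker inspects both descriptor types.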