
PC / Mobile System Attached Security Devices for File Access Monitoring and Control

IP.com Disclosure Number: IPCOM000033752D
Original Publication Date: 2004-Dec-28
Included in the Prior Art Database: 2004-Dec-28
Document File: 3 page(s) / 47K

Publishing Venue

IBM

Abstract

Disclosed is a system that enables monitoring and/or control of user file access on a PC or a mobile system by inserting a physical key, a USB device or a PC card, that carries security policies copied from a central site for the user. The system can distribute a set of centrally defined security policies, enforce the policies, create file access logs, and embed watermarking in the target files, all by means of the physical key devices and without needing an always-connected communication network.

This is the abbreviated version, containing approximately 47% of the total text.


1. NEEDS FOR THE SYSTEM

There is great demand for an easy way to prevent information exposure from PCs / Mobile Systems.

One of the most effective solutions is monitoring, logging and/or controlling access to and operations on important files according to a set of corporate security policies.

Tools for this purpose on the market are basically PC software solutions, with or without a security policy server, and have the following demerits.

1. PC software is easily disguised, and the control data store is easily copied or tampered with.
2. A client/server solution makes offline file access impossible.
3. Not portable. (The PC / Mobile System cannot be changed.)
4. No synergy with the rest of the IT systems under a single set of corporate security policies.

2. CONCEPT OF THE SYSTEM

1. Authenticated PC / Mobile System attached devices, in the form of USB devices, PC cards or key-shaped devices, for Authentication, Access Control and Portability
   - A portable physical key to important files
   - A personalized key carrying the individual's security policies
2. A virtual file storage device with a timer, a set of security policies, a set of encryption keys, access logging and/or functions of operation control and watermarking inside the physical device
   - "Distributed Security Policy" downloaded from a corporate security policy server
   - File access logging and/or operation control and watermarking according to the policies
   - Virtual files, including PC / Mobile System files, that must be decrypted/encrypted when used and stored
3. Can work with any PC / Mobile Security Monitor or Controller
4. Uses vendor software pieces for actual security policy enforcement (preventing copying, printing, saving, etc.)
   - Any vendor's security monitor and control systems
   - Easily accommodates software variation, migration and upgrading


3. AN OPERATION EXAMPLE (See Fig.1 below)

1. A user gets a PMASD (PC / Mobile System Attached Security Device) together with a user ID and its password.
2. The user ID, the password and the security policies for the user are copied from the corporate security policy server into the PMASD device.
3. A private/public key pair for the user is generated inside the TPM (Trusted Platform Module) chip of the PMASD device. The public key of the file server is copied into it, too.
4. The user inserts the PMASD device into his/her PC / Mobile Device. (It is assumed that the device driver has already been installed.)
5. The user is prompted for the user ID and the password and enters them.
6. The user starts downloading an important file from the file server. The file is encrypted with the user's public key on the fly and is stored in a dedicated folder on either the PMASD device or the PC / Mobile Device disk.
7. When the user starts an application or a command and accesses the file, a PC/Mobile security monitor module is loaded into the PC/Mobile from the PMASD device. The combination of the PC/PMASD security monitor and the PMASD device...
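As an added example (not code from the IBM disclosure), the following Python toy models the device described in sections 2 and 3: a policy server issues a per-user, time-limited policy bundle; the device verifies the bundle before loading it, enforces operation control while its timer is valid, watermarks opened or printed content, and keeps a hash-chained access log. Assumptions: HMAC-SHA256 with a shared key stands in for the TPM-held key pair and server signature of the disclosure, the on-the-fly file encryption step is omitted, and all user IDs, rules, file names and the watermark format are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the policy server's signing key. The disclosure keeps
# user keys in the device TPM and copies the server's public key onto the device;
# this toy uses one shared HMAC key for both sides instead (assumption).
SERVER_KEY = b"constructed-policy-server-key"


class PolicyError(Exception):
    """Raised when the device refuses an operation or a policy bundle."""


def issue_policy_bundle(server_key, user_id, rules, valid_seconds, issued_at):
    """Policy-server side: wrap per-user rules in a tagged, time-limited bundle.
    rules maps a file name (or "*" as the default) to its allowed operations."""
    body = {"user": user_id, "rules": rules,
            "issued": issued_at, "expires": issued_at + valid_seconds}
    payload = json.dumps(body, sort_keys=True)
    tag = hmac.new(server_key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def watermark(content, user_id, ts):
    """Visible watermark appended to anything opened or printed (constructed format)."""
    return f"{content}\n[{user_id} {ts}]"


def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def verify_log(log):
    """True iff every entry hashes correctly and chains to its predecessor."""
    prev = PMASD.GENESIS
    for entry in log:
        if entry["prev"] != prev or _entry_hash(entry) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


class PMASD:
    """Device side: verifies the bundle, enforces it while the timer is valid,
    and keeps a hash-chained access log so edits or deletions are detectable."""
    GENESIS = "0" * 64

    def __init__(self, server_key, bundle, clock):
        self.server_key = server_key
        self.clock = clock            # callable returning the device's own time
        self.policy = self._verify_bundle(bundle)
        self.log = []
        self._prev = self.GENESIS

    def _verify_bundle(self, bundle):
        expect = hmac.new(self.server_key, bundle["payload"].encode(),
                          hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, bundle["tag"]):
            raise PolicyError("policy bundle tampered or not from the policy server")
        return json.loads(bundle["payload"])

    def _record(self, user_id, op, filename, allowed):
        entry = {"ts": self.clock(), "user": user_id, "op": op,
                 "file": filename, "allowed": allowed, "prev": self._prev}
        entry["hash"] = _entry_hash(entry)
        self._prev = entry["hash"]
        self.log.append(entry)

    def access(self, user_id, op, filename, content):
        """Mediates one operation; returns the (watermarked) content or raises."""
        if self.clock() > self.policy["expires"]:
            raise PolicyError("policy timer expired; reconnect to the policy server")
        if user_id != self.policy["user"]:
            raise PolicyError("bundle was not issued to this user")
        rules = self.policy["rules"]
        allowed = op in rules.get(filename, rules.get("*", []))
        self._record(user_id, op, filename, allowed)  # denied attempts are logged too
        if not allowed:
            raise PolicyError(f"{op} on {filename} denied by policy")
        if op in ("open", "print"):
            return watermark(content, user_id, self.clock())
        return content


def run_demo():
    """Walks the operation example once with constructed data; returns the outcomes."""
    now = 1_000_000
    bundle = issue_policy_bundle(SERVER_KEY, "u123",
                                 {"plan.txt": ["open"], "*": []}, 8 * 3600, now)
    clock = [now + 60]
    dev = PMASD(SERVER_KEY, bundle, clock=lambda: clock[0])
    out = {"open": dev.access("u123", "open", "plan.txt", "Q4 plan")}
    try:
        dev.access("u123", "print", "plan.txt", "Q4 plan")
        out["print"] = "allowed"
    except PolicyError as e:
        out["print"] = str(e)
    out["log_entries"] = len(dev.log)
    out["log_ok"] = verify_log(dev.log)
    dev.log[0]["allowed"] = False             # simulate tampering with the log store
    out["log_tamper_detected"] = not verify_log(dev.log)
    clock[0] = now + 9 * 3600                 # timer runs out while offline
    try:
        dev.access("u123", "open", "plan.txt", "Q4 plan")
        out["after_expiry"] = "allowed"
    except PolicyError as e:
        out["after_expiry"] = str(e)
    forged = dict(bundle)                     # rewrite the copied bundle to grant "print"
    forged["payload"] = bundle["payload"].replace('["open"]', '["open", "print"]')
    try:
        PMASD(SERVER_KEY, forged, clock=lambda: clock[0])
        out["forged_bundle"] = "accepted"
    except PolicyError as e:
        out["forged_bundle"] = str(e)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the module walks the flow once: the permitted open returns watermarked content, the denied print is refused but still logged, an edit to a stored log entry breaks the chain, use after the timer has run out is refused until the bundle is refreshed from the server, and a bundle whose rules were rewritten to grant printing fails verification before it is loaded. In the device the disclosure describes, the verification key, the log and the timer live inside the hardware token where PC software cannot reach them, which is what addresses the first demerit listed in section 1.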