Browse Prior Art Database

RFID Keyboard Keylogger to provide individual accountability in outsourcing activities Disclosure Number: IPCOM000220117D
Publication Date: 2012-Jul-23
Document File: 1 page(s) / 42K

Publishing Venue

The Prior Art Database


This idea is to provide individual accountability independently of any application or operating system by using a RFID Keyboard which can be unlocked only when a Id smart card with RFID is put on, store all keystrokes, and lock again when the smart card is taken away. (This is not an authentification method)

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 68% of the total text.

Page 01 of 1

RFID Keyboard Keylogger to provide individual accountability in outsourcing activities

In outsourcing activities, actions are logged by administrators in order to execute a Root Cause Analysis on any security incident which may occur.

    In a security investigation, it is important to know exactly who was doing what and when.

A frequent case where this fails could be:

- John, an administrator, has to backup and restore a production server following a SEV 1 ticket. - at 16h10 PM John logs into the server with his individual UserId and launches a backup script. - at 17h00 PM the backup script failed, so John removed some files on the server, and changed some permissions. - at 17h30 PM the backup script is launched again successfully but John has to leave work and go home leaving his session active until the backup script is finished (perhaps late in the night but John can't stop the session running without stopping the backup). - before leaving he gives some instructions to Paul to check the backup during the evening. - at 21h00 PM the backup script failed again.

- To determine what has happened Paul uses John's opened session and doesn't log in himself on the server. - Paul, who is not aware which files were deleted and permissions changed by John, makes a mistake and crashes the server. During the root cause analysis the last command which crashed the server will be imputed to John (not to Paul!)

The solution is to use a combination of:

- RFID Identification Card