USO0RE423 82E

(19) United States (12) Reissued Patent

(10) Patent Number:

Weiss (54)

(45) Date of Reissued Patent:

VOLUME MOUNT AUTHENTICATION

(75) Inventor:

Jason Robert Weiss, Katy, TX (US)

(73) Assignee: BBS Technologies, Inc., Houston, TX

(Us) (22) Filed:

7,107,610 132*

9/2006 L662 .............................. .. 726/4

3/2007 Dujariet a1.

726/5

7,318,150 B2 *

1/2008 Zimmer et a1.

713/2

2002/0083339 A1*

6/2002 Blumenau et a1. .

713/201

2003/0163719 A1*

8/2003

713/193

2004/0117318 A1*

6/2004 Grawrock

2005/0015611 A1*

1/2005

Reissue of:

10/898,048

Filed:

Jul. 24, 2004

WO 03107589 A1 * 12/2003

12/2003

(57)

ABSTRACT

There is a variety of media that may be inserted into a reading

(2006.01) (2006.01) (2006.01) (2006.01) (2006.01)

or writing device, such as CD’s, USB drives, ?oppy disks,

U.S. Cl. .......... .. 726/2; 713/165; 713/167; 713/193;

(58)

Field of Classi?cation Search ...................... .. None

713/194; 726/16; 726/17; 726/26; 726/27 See application ?le for complete search history.

the Level of Trust Zone, appropriate action handlers may direct the computer to disallow the mounting of the media,

U.S. PATENT DOCUMENTS 11/1998

memory sticks, and many other devices. Media is inserted into a media reading or writing device that is in communica tion with a computer or network device. Upon insertion of the media, a number of metadata regarding that media is available to the computer. The trustworthy calculator is typically a plug-in software module that processes each piece of volume metadata and applies a weighed score, resulting in a Trust worthy Factor. A scoring matrix denotes ranges of values of the Trustworthy Factor into a Level of Trust Zone. Based on

References Cited

5,832,213 A *

W0

Dowler, LLP

(52)

(56)

WO03/107589

(74) Attorney, Agent, or Firm * Park, Vaughan, Fleming &

Jan. 20, 2009

Appl. No.:

WO

Primary Examiner * Benjamin E Lanier

7,480,931

Int. Cl. G06F 7/04 G06F 17/30 G06K 9/00 H04L 9/32 H04L 9/00

705/66

Poisner ....................... .. 713/200

* cited by examiner

Related U.S. Patent Documents

Issued:

Ebihara ............ ..

FOREIGN PATENT DOCUMENTS

Aug. 20, 2010

(64) Patent No.:

May 17, 2011

7,191,467 B1*

(21) Appl.No.: 12/860,612

(51)

US RE42,382 E

Duncan ......................... .. 726/35

6,012,145 A * 6,014,746 A *

1/2000 Mathers et a1. .. 1/2000 Krehnke et a1. .

726/17 726/22

6,119,232 A *

9/2000

726/21

Duncan .......... ..

6,301,665 B1*

10/2001

6,665,714 B1*

12/2003 Blumenau et a1.

Simonich et a1.

6,711,685 B1*

3/2004 Schaalet a1.

6,904,493 B2*

6/2005

.... .. 726/2

.. 709/222

may require speci?c authentication action to take place prior to allowing a mount of the media, or may indicate that the

media may be mounted without further authentication. Upon completion of the execution of the action handlers, a decision to allow or disallow the mount is made.

726/31

74 Claims, 10 Drawing Sheets

Chiao et a1. ................. .. 711/103

"""Wwmpc

sun

Aummmlly sun

sun

sum saw" a mm 25

(Suppons IMWDIB “11mm DEW “mm-“my

517a

sm \

111.61" Pmglu: air 15 5420

mama s

01mm Lugml 01-11 11 \o Panitinn 1a 541 a

emu» a Momma

mummy Flqnr Sec" 27 FOR EACH "mam moment a wmmm I mm

Load swim mm (Plug-1n] 11

mm :4 m: I mammum pnnlhll were value 25

Fatah Sterne Dwine m1 Mnuu-l- sum-ms

mm Lwlcll 011k on:

Delelminl Level MTrull 21m 1:

memum Elamanl a‘

Fetch Disk Pinlllon Dam Mumm- Element a"

mun Phyliul Mi- Dal: Mama-x: slemme‘" 1 sum Mem- 1

2mm Anian Hum" Humans

Laud Yrunwcnhy Fm’ Calculator (PIug-ln) 8

s0

saso

sm

US. Patent

May 17, 2011

Sheet 1 0f 10

Detect Insertion of Media 1 into Media Devioe 2

US RE42,382 E

3100

v

Extract Metadata 6

———————— S200

v

Load Trustworthy Factor Calculator 9

$300

1

Calculate Trustworthy Factor Score 27

——————— $400

1

Load Scoring Matrix 11

————~———-— 3500

7

Determine Level of Trust Zone 12

3500

1

Execute Appropriate Zone Action Handler 14 to determine Zone Action Handler

Response 28

Mount Media 1?

V

Disallow Mount

Allow Mount

S800

Figure 1

3700

US. Patent

May 17, 2011

User Logs Into PC

US RE42,382 E

Sheet 2 0f 10

S110

(Computing Device 3)

S150

Automatically Stan

S120

VoiumeTrust 50 Application

i

User Inserts

S140

Wait for media noti?cation to

analyze volume mount point 5

External

Storage


Device 2

with Media 1

i

S200

/ S160

Spawn a Thread 29

(Supports multiple analyses to occur simultaneously

l

Metadata 6

// S170

Convert Logical Disk 17 to Partition 18

Display Progress Bar 15 $220

S420

S410 Calculate 3 Normalized

Convert Partitiont? to Physical

Trustworthy Factor Score 27

Drive 19

FOR EACH

5500 \i

metadata element

Load Scoring Matrix (Plug-In) 11 ‘

8 compute a score value 24 and a

>

maximum possible $600

Fetch Storage Device Data Metadata Element 8

score value 25.

Apply weighing

i

7

factors 23.

Determine Level of Trust Zone 12

Accumulate as a raw score 10 and

>

Fetch Logical Disk Data Metadata Element 8'

accumulate as an

$700 ;

i

overall maximum score 26

Execute Zone Action Handler 14 for Determined Level of Trust Zone 12

Fetch Disk Partition Data Metadata Element 8"

f

L Fetch Physical Media Data Metadata Element 8"’

ount Media 1. 1

Zone Action Handler Response

Initialize Calculator 9 and Load Weighing Factors 23

39



8350

Disallow Mount

Allow Mount

Figure 2

Load Trustworthy Factor Calculator (Plug-in) 9

i S300

US. Patent

May 17, 2011

S110

Sheet 3 or 10

\

User Logs Into Computing Device 3

8120 \L Automatically Start VolumeTrust 50 Application

8130 \l Identify Existing Volume Mount Points 5'

8160 \l Spawn a Thread 29

(Supports multiple analyses to occur simultaneously)

l

Figure 3

US RE42,382 E

US. Patent

May 17, 2011

Sheet 4 0f 10

US RE42,382 E

8700 Execute Zone Action Handler 14 for Determined Level of Trust Zone 12

I 8800 Mount Media 1? Zone Action Handler

Response 39 Yes

No

L_l Disallow Mount

S810

\

Allow Mount

Add Volume Mount Point Icon 40 to Show Level of Trust Zone 12

Figure 4

US. Patent

May 17,2011

SheetS 0f10

US RE42,382 E

Calculate a Trustworthy Factor Score 27 S420

l Load Scoring Matrix (Plug-In) 11

1 Identify Location

(Network, Printer, Scanner, etc.)

i

Lookup Alternate Scoring Matrix 11' for Current Location

i

S500

/////

S510

S520

Determine Level of Trust Zone 12'

S600

Figure 5

US. Patent

May 17,2011

US RE42,382 E

Sheet6 0f10

/ S300 Load Trustworthy Factor Calculator 9

(Plug-ln) Identify Location

/

l

8310

/

S320

Load Calculation Steps 22 from / Local PC

S330

Lookup Calculation Steps 22 based on current location

l l Initialize Calculator and

Load Weighing Factors 23

+

Figure 6

S350

US. Patent

May 17,2011

Sheet70f10

US RE42,382 E

/ $300 Load Trustworthy Factor Calculator 9

(Plug-In) Identify Location

if $310

i

Lookup Calculation Steps 22' for

of’ S320

current location

i Download Calculation Steps 22'

f S340

from Remote PC 32

l Initialize Calculator and

Load Weighing Factors 23

+

Figure 7

8350

US. Patent

May 17, 2011

Sheet 8 or 10

US RE42,382 E

seoo \\ Determine Level of Trust Zone 12

Execute Zone Action Handler 14 for Determined Level of Trust Zone 12

’ ls Media 1' Previously

\ Trusted?

S705 S760

\

Nol/

Prompt for Password Action Handler 13

Always Associate Media 1' with Mount or Dismount Conclusion. Remember Media Action Handler

N 8710

i Prompt for Biometric Action Handler 13'

33

;\ — $720

I

v

Prompt for Security Token Card Action Handler 13" i\\ 3730 Y

Determine if user belongs to the

es

Administrator Security Group

Determine and Track Association with a Fixed Expiration Date Y

\

Action Handier 13"‘

e5

3770

5740

\\\ gember

// S750

Media Zone Action Handler\»L—_——

\ Response 33? / LNG v

’/

8800

Arum Media 1'? Zone Action Handler N0

\

Response 39?

\V,

Yes

AHOWMM

I

F lgure 8 .

US. Patent

May 17, 2011

Sheet 9 or 10

8110

User Logs Into

/

Computing Device 3 7

Automatically Start

S120

/

VolumeTrust 50 Application $140 7

Wait for media noti?cation to

analyze Volume mount point 5



Volume Mount Notification 16

S160

Spawn a Thread 29

(Supports multiple analyses to occur simultaneously)

Figure 9

US RE42,382 E

US. Patent

May 17, 2011

Sheet 10 0f 10

US RE42,382 E

S200

Metadata 6

S220

Convert Partition18 to Physical __—>

_

Drive 19 V

Fetch Storage Device Data Metadata Element 8 S230 / V

Fetch Logical Disk Data Metadata Element 8‘ S240 / V

Fetch Disk Partition Data Metadata Element 8" S250 / V

Fetch Physical Media Data Metadata Element 8"‘ S260 / Y

Fetch Data Channel Metadata 20

S270 /

l Fetch Media Device 2 Metadata

S280

Load Trustworthy Factor Calculator (Plug-In) 3300

Figure 10

US RE42,382 E 1

2

VOLUME MOUNT AUTHENTICATION

The core application, calledVolume Trust, relies on a series

of fuZZy logic calculations that inspect the attributes (size, number of sectors, drive interface type, et cetera) of a volume,

Matter enclosed in heavy brackets [ ] appears in the original patent but forms no part of this reissue speci?ca

applying weighted calculations to determine a raw score and an overall maximum possible score. This raw score is then

tion; matter printed in italics indicates the additions made by reissue.

mathematically adjusted to be within the range of 0 to 100, resulting in a Trustworthy Factor score for the volume under going authentication. The Trustworthy Factor score can be calculated in a completely non-intrusive way, meaning that no data whatsoever has to be written to the volume during this process. As a result, read-only media such as CD-ROM’s and

BACKGROUND

1. Field of the Invention The present invention relates to the authentication of vol ume mount points, and in particular the ability of an operating system to selectively accept or reject a volume mount point request for media based on a con?gurable set of rules. 2. Description of Prior Art Individuals, corporations and governments face an increas ing threat from within. Unethical individuals have at their disposal a multitude of high volume storage mediums avail

able by simply walking into a local electronics store. Anyone

DVD’s may be assigned unique Trustworthy Factor scores and there is no change in the amount of free space available on

read/write volumes after the process completes. The Trustworthy Factor score is not an absolute threshold.

Analogies can be drawn to the popular consumer credit rating system. In that system, the higher the credit score, the less risk there is that the consumer will default on a loan. However, 20

as the Trustworthy Factor score increases, the likelihood of

can pay several hundred dollars or less to purchase storage devices that are highly resistant to detection. These devices

the volume containing malignant code or being used for mali cious purposes decreases, though the threat is never entirely

assuredly help simplify the act of corporate and government espionage and greatly facilitate the proliferation of computer viruses, electronic Trojan Horses, and similar objects of com puter mass in?ltration. Even institutions that employ security checkpoints where backpacks and briefcases are searched

25

and everyone must walk through a metal detector face the 30

sitive ?nancial documents on a device that is roughly the siZe of a clasp on a braZier.

Undoubtedly plug-and-play hard drives, palm-sized

mounted as a ?xed disk inside a computer, where the com 35

over-the-air digital data communications are now pervasive

in today’s society. As the popularity and number of these types of devices continue to grow, enterprise Information Technology (IT) departments, as well as a growing consumer base, are demanding methods to authenticate and trust certain physical devices while rejecting access to other physically identical devices. Obtaining such authentication and trust has to be accomplished in a way that does not compromise busi ness productivity. To illustrate by example, consider employeeA, who steps away from a physically secured laptop computer. Visitor B is able to quickly plug a USB ?ash drive into the computer. Visitor B may quickly copy trade secrets from the computer to the USB ?ash drive, or may download a computer virus from the USB ?ash drive to the computer. Visitor B is able to complete these tasks and remove the USB

large impediment to business productivity. By its very nature, a weighted scoring system provides administrators the ability to factor each capability of the volume in a different way. For instance, consider this example that inspects only the disk interface. An IDE hard drive

or more of business intelligence, classi?ed drawings, or sen

mobile storage solutions, infrared and radio frequency (RF)

eradicated. The only true way to eradicate the threat from mobile, external storage devices is to build a computer that has no external ports and is physically secured to ensure new drives can not be inserted. In the course of day-to-day busi ness operations, such a device is impractical and would be a

daunting challenge of detecting and deterring someone from walking out the front door with 256 MB, 512 MB, 2 GB, 4 GB

regardless of how high the credit score is, there is always the possibility of the consumer defaulting on the loan. Similarly,

40

puter case has been secured, might score a Trustworthy Factor score in the mid-sixties and be considered a highly trustable volume, a high level of trust. A 160 GB external IEEE 1394 drive, which resides outside the computer case, might score a Trustworthy Factor score in the low thirties. It may be con sidered a moderately trustable volume, since there are no

pocket-sized or palm-sized drives meeting that description. A 64 MB USB keychain drive might yield a Trustworthy Factor score less than twenty, meaning that it should be considered as untrustworthy and potentially a security threat, a low level 45

of trust.

Typically, over twenty ?ve different factors, called meta data elements, are examined in the computation of a volume’ s Trustworthy Factor score. Each factor can be given different

weighing factors, as appropriate for the organization being 50

?ash drive prior to employee A's return. EmployeeA will have little chance to know that business intelligence was taken, nor that a virus was implanted.

served. For example, consider two devices, one that discloses the number of sectors and tracks it contains and another that does not. The device that discloses the number of sectors information is more trustworthy than the device that fails to

disclose. Thus, the disclosing device receives a slightly higher BRIEF SUMMARY OF THE INVENTION

55

The present invention provides a dynamic and expeditious means of authenticating one or more mountable volumes. If

the circumstances surrounding the volume undergoing authentication are found to be su?iciently proper, the volume

60

is considered trustworthy and a mounting request is allowed

di?icult to mount an IDE drive outside the computer case. Thus, an IDE drive mounted inside a locked computer case

to proceed. If circumstances are found to be outside the range

of that considered proper, the mounting request is denied. In the case of a volume already mounted, dismounting action may be taken. The present invention further provides a means of determining whether the found circumstances are proper, that is trustworthy, or not.

Trustworthy Factor score. However, other factors may be more important in determining the trustworthiness of the device. Another factor is the interface type used to interact with the device (IDE, USB, IEEE 1394, et cetera). This factor indicates the portability of the volume. IDE is considered more trustworthy than USB for the simple fact that it is

should be considered to have a high level of trust. One of the bene?ts of the present invention is the use of 65

administrator-con?gured weighing factors to discriminate more important volume factors, metadata elements, from oth ers. This allows the Volume Trust application to be adjusted to

US RE42,382 E 4

3 local needs Without need for recompilation. Increasing the Weighing factors directly impacts the trustworthy factor score

FIG. 1 is a an overall ?oW-chart vieW of the basic process

steps of the volume mount authentication process, S100

of a volume that discloses that metadata element. In fact, the Volume Trust application can be tuned in the ?eld in a matter of seconds to respond to the circumstances at hand. For example, a laptop used by an individual at their cubicle on the

through S800; FIG. 2 is a detailed ?ow-chart vieW of the core process

steps of the volume mount authentication process; FIG. 3 is a ?oW-chart vieW of the boot analysis steps; FIG. 4 is a ?oW-chart vieW of the graphic identi?cation

37th ?oor of corporate headquarters is at minimal risk. When that laptop is taken on a business trip to a conference room

steps;

With 30 strangers at a client’s of?ce, the level of risk should increase moderately. NoW, When that same laptop is taken to the Comdex tradeshoW ?oor Where there are hundreds of

FIG. 5 is a ?oW-chart vieW of dynamic adjustment of the scoring matrix, based on the perceived location of the com

thousands of strangers Walking around, the maximum level of protection should be enabled and the Volume Trust applica tion should be extremely skeptical about every external stor

puting device;

age device.

on the perceived location of the computing device; FIG. 7 is a ?ow-chart vieW of remotely accessed dynamic adjustment of the calculating steps of the TrustWorthy Factor Calculator, based on the perceived location of the computing

FIG. 6 is a ?oW-chart vieW of dynamic adjustment of the

calculating steps of the TrustWorthy Factor Calculator, based

OBJECTS AND ADVANTAGES

While the present invention may be practiced using soft Ware, hardWare or ?rmWare, it is an object of the present invention to provide a softWare based solution to volume

device; 20

mount authentication.

steps; and

An advantage of the present invention is that it may be

FIG. 10 is a ?oW-chart vieW of the metadata extraction

cost-effectively deployed to a large installation base through

steps.

common softWare distribution techniques and does not

require technicians to manipulate computer hardWare. The present invention is backWards compatible, easily Working With existing computer infrastructure. The present invention is operating system independent. The present invention is independent of programming lan guage. The present invention alloWs a storage device, such as a DVD or CD-ROM drive, or card reader, to remain online

REFERENCE NUMERALS

25

1 Media 2 Media device 30

3 Computing device 4 Computer 5 Volume mount point 6 Metadata

While scrutinizing the media associated With the storage device. The present invention does not require the modi?cation of existing user security privileges, nor does it require the cre

FIG. 8 is a ?oW-chart vieW of the authentication steps; FIG. 9 is a ?oW-chart vieW of the volume mount point

7 Metadata object 8 Metadata element 35

9 TrustWorthy factor calculator 10 RaW score

ation or modi?cation of specialiZed security privilege groups. The present invention operates in real-time by leveraging

11 Scoring matrix

the event noti?cation mechanisms built into most operating

12 Level of trust Zone

systems. The present invention does not rely on cryptographic algo rithms susceptible to aging, Which become insecure over time, nor does it rely on expensive and administratively time

40

15 Progress bar 16 Volume mount noti?cation

consuming Public Key Identi?cation (PKI). The present invention does not require any modi?cation of

existing computer or computer-peripheral manufacturing

45

techniques.

21 Media computing devices 22 Calculation steps 23 Weighing factors

re?ne the fuZZy logic used to establish trust betWeen the device and media Without requiring access to source code and

The present invention alloWs for easy audit and logging of external storage device interactions through its robust and ?exible daisy-chained list of Zone action handlers. The present invention Works on virtually all devices that contain a microprocessor, from computers to phones to per sonal digital assistants across operating systems and pro

50

24 Score value 25 Maximum possible score value 26 Overall maximum score

27 TrustWorthy factor score

28 Ultimate signal 55

gramming languages.

29 Thread 30 Alternate calculation steps

31 Alternate scoring matrix 32 Remote location 33 Remember Media action handler

The present invention provides the ability to slide the level of trust based upon external security factors, such as different states of terrorist alerts.

17 Logical disk information 18 Physical disk partition address 19 Physical storage device address 20 Data communication channels

The present invention alloWs an administrator or user to

redistributing neW binary run-time objects.

13 Action handler 14 Zone action handler

60

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

34 Media Previously Trusted action handler 35 External security level 36 Data structures 37 Matrix of numerical scores

38 Matrix of Weighing factors The present invention and its advantages Will be better

understood by referring to the folloWing detailed description

39 Zone action handler response 40 volume mount point icon

and the attached draWings in Which:

50 Volume Trust (application)

65

US RE42,382 E 6

5

factor calculator 9 is typically a plug-in software module that processes each metadata element and applies a weighed score, resulting in a trustworthy factor score 27, step S400. A

S100 Detect Insertion of Media

S110 User Logs onto Computer

S120 Automatically Start Application S130 Identify Existing Mount Points

scoring matrix 11 is loaded, step S500. Scoring matrix 11 denotes ranges of values of the trustworthy factor score 27 into Zones, typically four Zones. Scoring matrix 11 is used to

S140 Wait for Media Noti?cation S150 User Inserts External Storage Device with Media S160 Spawn a Thread

convert trustworthy factor score 27 into a Zone number, called a Level of Trust Zone 12, step S600. Based on the value of Level of Trust Zone 12, an appropriate Zone Action Handler

S170 Display Progress Bar S200 Extract Media Metadata S210 Convert Logical Disk to Partition S220 Convert Partition to Physical Drive

14 is selected, step S700. By returning a Zone Action Handler Response 28, Zone Action Handler 14 may direct computing device 3 to disallow the mounting of media 1, may require speci?c authentication action to take place prior to allowing a

S230 Fetch Storage Device Data S240 Fetch Logical Disk Data S250 Fetch Disk Partition Data

mount of media 1, or may indicate that media 1 may be

S260 Fetch Physical Media Data

mounted without further authentication. Typically, Zone Action Handler 14 comprises a plurality of action handlers

S270 Fetch Data Channel Data S280 Fetch Media Device Data

that are executed in succession. Upon completion of execu tion of Zone Action Handler 14, a decision to allow or disal low the mount is made, step S800. Furthermore, a media device may be hosted by a second

S300 Load Trustworthy Factor Calculator S310 Identify Location S320 Lookup Trustworthy Factor for Identi?ed Location S330 Load Trustworthy Factor Calculator from Local

computing device. Such second computing device may

Computer

abstract the media device from the ?rst computing device. For example, a desktop PC is a ?rst computing device which is

S340 Download Trustworthy Factor Calculator from Remote Location

S350 InitialiZe Calculator and Load Weight Factors S400 Calculate Trustworthy Factor S410 Compute Actual and Maximum Possible Score S420 Calculate Normalized Trustworthy Factor S500 Load Scoring Matrix

25

S510 Identify Location S520 Lookup Scoring Matrix for Identi?ed Location

30

S600 Determine Level of Trust Zone S700 Execute Appropriate Zone Action Handlers S705 Check if Media Previously Trusted S710 Prompt for Password S720 Prompt for Biometric

computing device which is hosting the media device. In all cases, the second computing device, or any computing inter mediary, is effectively the same as a media device which it is

35

Typically, a user logs into computing device 3, step S110. A personal computer is used for purposes of illustration, but

40

computing device 3 may be any of a myriad of devices either now known or developed in the future. For example, comput ing device 3 may be a Windows or LINUX based personal computer, a Macintosh, a UNIX machine, a Personal Digital Assistant, a telephone or telephone system, a network con

S740 Determine if User Belongs to the Administrator

Security Group

troller, server, workstation, digital appliance, computeriZed test equipment, custom computer, et cetera. Typically, the volume mount authentication application, called Volume

Trust 50, is started automatically, step S120. Application 45

DETAILED DESCRIPTION OF THE INVENTION

An overall ?ow-chart view of the basic process steps of the volume mount authentication process, S100 through S800, is

50

other devices. Media 1 is inserted into a media reading or

networks, such as “Blue Tooth”, and even radio frequency connections to telephone cell towers. The volume mount

point, regardless of the form it takes, establishes the link between the logical connection and the physical connection

device 3, such as a computer or network device. Computing

to a device and its media. When a user inserts an external 60

storage media device 2 with media 1, or media 1 into a

connected storage media device 2, step S150, a volume mount noti?cation 16 occurs and is recogniZed by application Vol

type of media, its cryptographic characteristics including its ID, its actual physical siZe, the ?le architecture used (such as “FAT32”, “FATl6”, et cetera), sector siZe, et cetera. Metadata 6 is extracted, step S200. If not already available, a trustwor thy factor calculator 9 is loaded, step S300. Trustworthy

or media capable of being mounted or recogniZed by the computer. Volume mount points exist for all typical computer devices, especially those holding data, such as hard drives, ?oppy disks, CD/DVD drives, et cetera. Volume mount points signal creates a volume mount point, as does personal area

55

writing device 2 that is in communication with a computing

device 3 detects insertion of the media, step S100. Upon insertion of media 1, data structures containing metadata 6 related to media 1 becomes available to computing device 3. For example, metadata may include information about the

Volume Trust 50 polls or waits for noti?cation to analyZe a volume mount point 5, step S140. A volume mount point is an abstraction of the memory addresses that reference a device

also exist for devices connected by way of infrared and radio signals. Beaming data to a computer by way of an infrared

shown in FIG. 1. There is a wide assortment of media cur

rently available that may be inserted into a media reading or writing device. Examples include, but are not limited to:

CD’s, USB drives, ?oppy disks, memory sticks, and many

hosting. The meaning of the term media device may include any media device, its host, or other computing intermediary. A detailed ?ow-chart view of the core process steps of the volume mount authentication process is illustrated in FIG. 2.

S730 Prompt for Security Token Card S750 Remember Media Decision S760 Always Associate Media with Mount or Dismount Conclusion S770 Determine and Track Association with an Expiration Date S800 AllowiDisallow Mount S810 Show Level of Trust Zone

performing volume mount authentication on a PDA (a hand held portable computer) that contains a media device such as a hard disk storage drive. The PDA in this example is a second

ume Trust 50. Application Volume Trust 50 spawns a thread

29, step S160, to begin the volume trust authentication pro 65

cess. While it is not necessary to spawn a thread in order to

practice the present invention, it is of great advantage to use multi-thread techniques. Use of multi-threading allows

US RE42,382 E 7

8

authentication of a plurality of media while the ?rst media is still undergoing authentication. Optionally, a progress bar 15

a trustworthy factor score falling between 0 to 15 may be classed as Zone one (1), a trustworthy factor score falling between 16 to 50 as Zone two (2), a trustworthy factor score

is displayed for the user’s bene?t, step S170.

falling between 51 to 80 as Zone three (3), and a trustworthy factor score falling between 81 to 100 as Zone four (4). Once Level of Trust Zone 12 is identi?ed, the Zone information is used to select and execute a Zone Action Handler 14 for that

Volume mount noti?cation 16 must be decoded so meta

data 6 that is related to media 1 may be extracted. This is done

by ?rst converting the logical disk information 17 into a

physical disk partition address 18, step S210. Note, physical

Level of Trust Zone 12, step S700. Continuing the example, a

disk partition address 18 is commonly known to refer to any block of storage space that may be read from, written to, or is

trustworthy factor score of 45 falls between 16 and 50 and is therefore classed as Zone two (2). The Zone Action Handler corresponding to that Zone two (2) is then executed.

both readable and writable. Physical disk partition address 18 is then converted into a physical storage device address 19, step S220. These steps of deabstracting the information are

Zone Action Handler 14 may perform a variety of actions,

typically performed using routine libraries, and these steps

which will be detailed in FIG. 6.

are well known to those skilled in the art. Once the physical

Zone Action Handler 14 returns an ultimate signal, a Zone Action Handler Response 39, to allow mount of media 1 or disallow mount of media 1, step S800. This concludes the volume mount authentication process. FIG. 3 further details the boot analysis steps in the case of

drive information is obtained, the storage device data is

extracted, step S230, along with logical disk data, S240, disk partition data, S250, and physical media data, S260, from their respective data structures, as is appropriate for the media being authenticated. Such collected metadata 6 is stored as a

volume metadata object 7. Typically, at least two doZen meta data elements 8 describing media 1 and media device 2 are

20

gathered. One or more data communications channels may exist

between the computing device and the media device or media itself. In such cases, it is also possible to collect metadata associated with the data communications channel.

25

spawns a thread 29, step S160, to begin the volume mount authentication process for each detected volume mount point 5'.

The media may also be associated with one or more media

devices, data communications channels, or media computing devices, each of which are abstracted behind the volume

mount point. For instance, the computing device under

authenticating existing volume mount points 5'. Typically, a user logs into computing device 3, step S110. Typically, application Volume Trust 50 is started automatically, step S120. Application Volume Trust 50 polls for existing volume mount points 5' seen by computing device 3, step S140. For each volume mount point 5', application Volume Trust 50

30

FIG. 4 illustrates an optional step of alerting the user that a volume mount has been authenticated by the Volume Trust application. Zone Action Handler 14 returns Zone Action

authentication may detect a volume mount point from an

Handler Response 39 to allow mount of media 1 or disallow

infrared signal being sent from a handheld computing device

mount of media 1, step S800. If the mount is allowed, a

containing a miniature hard disk drive that is plugged into the handheld computing device’s USB port. The miniature hard disk drive represents the media device. In such a con?gura tion, the computing device under authentication may retrieve metadata from the infra-communication channel, the hand held computing device itself, its USB data channel, and the

volume mount point icon 40 is displayed or otherwise com

municated, re?ecting the Level of Trust Zone for which the 35

mounted. This icon or communication may be used by the

operating system, throughout the operating system applica tion dialogs, to denote the Level of Trust Zone.

miniature hard disk drive.

Trustworthy factor calculator 9 is loaded, step S300. Typi cally, in a Windows operating system, trustworthy factor cal culator 9 is a dynamic linked library, a plug in module. Trust worthy factor calculator 9 looks up and loads calculation steps 22 associated with the metadata elements of interest. Trustworthy factor calculator 9 loads weighing factors 23 which correspond to the metadata elements, step S350. For

mount was allowed. This alerts the user of the trust level circumstances which allowed media 1 or media device 2 to be

40

FIG. 5 illustrates use of the device connection information

to guide dynamic adjustment of scoring matrix 11. Trustwor thy Factor Calculator 9 returns Trustwor‘thy Factor Score 27, step 420. The initial scoring matrix 11 is loaded, step S500. Devices connected to computing device 3 (such as network 45

connections, printers, media devices) are identi?ed, step S510, establishing a perceived location for computing device

each metadata element 8, Trustworthy factor calculator 9,

3. For example, it may be found that computing device 3, say

using calculation steps 22, determines a score value 24 and its maximum possible score value 25. Weighing factors 23 are applied to each score value 24 and each maximum possible

a laptop computer, is connected to a wireless network at a remote location rather than docked to a high-security network inside an of?ce at a ?xed location. Adjustments to the scoring

50

score value 25. Score values 24 are accumulated as a raw

matrix 11 are selected from one or more alternate scoring

score 10 and the maximum possible score values 25 are accumulated as an overall maximum score 26, step S410. Accumulated raw score 10 is normaliZed, based on overall

matrices 11', based on the perceived location of computing

maximum score 26, step S420, establishing a trustworthy factor score 27. Typically, for convenience, trustworthy factor

device 3, step S520. Continuing with the laptop computer 55

ment in order to produce a mount authentication. The Level of

Trust Zone 12' is determined by comparing the Trustworthy Factor Score 27 to the adjusted scoring matrix 11', step S600.

score 27 is set to create a range of Zero (0) to one hundred

(100). This is accomplished by simply dividing accumulated raw score 10 by overall maximum score 26 and multiplying

by one hundred (100). Scoring matrix 11 is loaded, step S500. Typically, in a Windows brand operating system, this module is a dynamic

FIG. 6 illustrates use of device connection information to 60

guide dynamic adjustment of the Trustworthy Factor Calcu

65

lator. Trustworthy Factor Calculator 9 is loaded, step S300. Devices connected to computing device 3 are identi?ed, step S310. Based on the perceived identi?ed location, the appro priate calculation steps 22 to use are selected, step S320. For example, it may be found that computing device 3, say a

linked library, a plug in module. Scoring matrix 11 is a set of

established thresholds used to classify resulting Trustworthy Factor Score 27 created the Trustworthy Factor Calculator 9. The Zone encompassing Trustworthy Factor Score 27 is iden ti?ed as the Level of Trust Zone 12, step S600. For example,

example, scoring matrix 11 may be adjusted, or an alternate scoring matrix 11' loaded, to re?ect a higher score require

laptop computer, is connected to a wireless network at a remote location rather than docked to a high-security network

US RE42,382 E 9

10

inside an of?ce at a ?xed location. This means that calculation

determination, step S705. An additional alternate embodi

steps 22, one for remote Wireless operation, are required. Calculation steps 22 are loaded, step S330. Trustworthy Fac tor Calculator 9 then loads Weighing factors 23 Which have been previously determined for the media 1 and media device

ment is to enable the Remember Media Action Handler 33 to grant such mount or dismount association for a ?xedperiod of

2 undergoing authentication, step S350.

of time or other validity condition in making its mount or dismount conclusion. FIG. 9 illustrates volume mount point steps. Typically, a

time, or other validity condition, step S770. In such case, Media Previously Trusted Action Handler 34 uses the period

FIG. 7 illustrates use of device connection information to

guide dynamic adjustment of Trustworthy Factor Calculator

user logs into computing device 3, step S110. Typically, application Volume Trust 50 is started automatically, step

9, Where calculation steps 22' are obtained from a remote location 32, such as over a netWork or the internet. TrustWor

S120. Application Volume Trust 50 polls or Waits for noti? cation to analyZe a volume mount point 5, step S140. A

thy Factor Calculator 9 is loaded, step S300. Devices con nected to computing device 3 are identi?ed, step S310. Based on the perceived identi?ed location, the appropriate calcula tion steps 22' to use are selected, step S320. For example, it may be found that computing device 3, say a laptop computer,

noti?cation may occur When a device beams an infrared or

Wireless signal to the computing device or a device attached to

the computing device, step S155. Application Volume Trust 50 spaWns thread 29, step S160, to begin the volume mount

is connected to a Wireless netWork at a remote location rather than docked to a high-security netWork inside an o?ice at a

authentication process. FIG. 10 illustrates various details of the metadata extrac tion process. Partition information 18 is converted into physi

?xed location. This means that calculation steps 22', one for remote Wireless operation, are required. For very high secu

may not be obtained from computing device 3, rather must be

cal drive information 19, step S220. Once the physical drive information 19 is obtained, the storage device data is

doWnloaded from a speci?c secure remote location. Calcula tion steps 22' are loaded from a remote location, step S340.

extracted, step S230, along With logical disk data, step S240, disk partition data, step S250, and physical media data, step

rity situations, it may be required that calculation steps 22'

TrustWorthy Factor Calculator 9 then loads Weighing factors 23 Which have been previously determined for the media 1

20

25

and media device 2 undergoing authentication, step S350. FIG. 8 illustrates various details of the authentication pro

cess, including actions for external additional authentication, Which may be called upon by a selected Zone Action Handler. Scoring matrix 11 is used to convert TrustWorthy Factor Score 27 into Level of Trust Zone 12, step S600. Based on Level of

device, if one exists, step S280. The collected metadata 6 is stored as a volume metadata object 7, composed of metadata 30

elements 8. The TrustWorthy Factor Calculator is loaded, step S300.

Trust Zone 12, Zone Action Handler 14 is selected, step S700. Note, that Zone Action Handler 14 may in practice embody one or more action handlers 13, each of Which performs

particular tasks. Zone Action Handler 14 refers to the collec tive actions of all action handlers 13. Zone Action Handler 14

S260, as is appropriate for the media being authenticated. Additionally, it is optionally possible to obtain data associ ated With the data communications channel 20, step S270, and the media device 2 itself, including its hosted computing

35

An alternate embodiment of the present invention includes use of external reporting of security levels to adjust the scor ing matrix. A governmental agency, an industry, a speci?c plant or locale may issue security alerts of various levels. For

may return a response that recommends or directs computing

example, a re?nery may receive “red”, “orange”, “yelloW”, and “green” security levels, depending on external intelli

device 3 to disalloW the mounting of media 1, may require speci?c authentication action to take place prior to alloWing a

external security levels may be used to automatically modify

gence, terrorist action, or geopolitical conditions. These

mount of media 1, or may indicate that media 1 may be mounted Without further authentication. For instance, one action handler 13 may prompt the user for a passWord, step S710, then call a second action handler 13' to prompt for biometric information, step S720, Which in turn calls a third

40

action handler 13" to prompt for a security token card, step S730, then calling a fourth action handler 13"' to determine

45

the scoring matrix. In this example, a “red” or “orange”

security level, indicating a threatening security condition, may be used to require greater trustWorthy factor scores to meet speci?c level of trust Zone thresholds. In such case, the external security levels are used as indicators to adjust or

replace the scoring matrix to re?ect these more stringent

security requirements.

Whether the user belongs to an administrative security group,

Although the description above contains many speci?ca

step S740. Each of these action handlers 13, 13', 13", 13"'

tions, these should not be construed as limiting the scope of the invention but as merely providing illustrations of some of

returns a response. Various other authentication steps, noW

knoWn or to be developed, may be programmed into a Zone Action Handler 14 or its action handlers 13. Upon completion of execution of Zone Action Handler 14, a Zone Action Han dler Response 39 is returned and a decision to alloW or dis

50

and apparatus described herein may be practiced, including

alloW the mount is made, step S800. In an alternative embodiment, Zone Action Handler 14 may include the capability to decide Whether to remember the external additional authentication for the particular media or

55

media device being authenticated, step S750. In such case, Zone Action Handler 14 includes a Remember Media Action

Handler 33, Which may be con?gured to alWays associate the

60

particular media 1' With a mount or dismount conclusion, step S760. Such being the case, the next time that particular media 1' is subject to an authentication request, another action han

dler, the Media Previously Trusted Action Handler 34, may directly return a mount or dismount conclusion Without 65

invoking other action handlers to prompt for passWord, bio metrics, security token card, or administrator security group

the presently preferred embodiments of this present inven tion. Persons skilled in the art Will understand that the method

but not limited to, the embodiments described. Further, it should be understood that the invention is not to be unduly limited to the foregoing Which has been set forth for illustra tive purposes. Various modi?cations and alternatives Will be apparent to those skilled in the art Without departing from the true scope of the invention. While there has been illustrated and described particular embodiments of the present inven tion, it Will be appreciated that numerous changes and modi ?cations Will occur to those skilled in the art, and it is intended as herein disclosed to cover those changes and modi?cations

Which fall Within the true spirit and scope of the present invention. I claim: 1. A method for authenticating computer media for com munication With a computing device, comprising the steps of:

US RE42,382 E 11

12

a) detecting a media volume mount point; [b) deabstracting a logical address of said media volume mount point into a physical disk partition address;]

said metadata elements, said alternate loading based on the results of said identifying of devices connected to

[c] b) deabstracting said [physical disk partition address]

9. The method as claimed in claim 8 Wherein said alternate

said computing device. calculation steps are loaded from said computing device.

media volume mounlpoinl into a physical storage device

10. The method as claimed in claim 8 Wherein said alter

address;

nate calculation steps are loaded from a remote location.

[d] 0) receiving a plurality of metadata elements from data

11. The method as claimed in claim 1 further comprising

structures associated With one or more components from

the steps of:

the list comprising: said computer media, said physical storage device address, [said] a physical disk partition

a) identifying devices connected to said computing device; and

address, a data communications channel, and said media volume mount point;

b) adjusting said scoring matrix based upon the results of said identi?cation of devices connected to said comput

[e] d) loading a trustworthy factor calculator Wherein said trustWorthy factor calculator comprises calculation steps producing score values and maximum possible

ing device. 12. The method as claimed in claim 11 Wherein said adjust ments to said scoring matrix are loaded from a remote loca

score values associated With said metadata elements;

for said plurality of metadata elements, Wherein each

tion. 13. The method as claimed in claim 11 Wherein said adjust ments to said scoring matrix are loaded from said computing device. 14. The method as claimed in claim 1 Wherein said scoring matrix having discrete level of trust Zone values is loaded

score value used in said accumulation of said raW score

from said computing device.

[f] e) initialiZing said trustWorthy factor calculator With a matrix of Weighing factors associated With said plurality of metadata elements;

20

[g] j) accumulating a raW score based on said score values

is adjusted by said associated Weighing factors, accumu lating an overall maximum possible score for said maxi mum possible score values, Wherein each maximum possible score value used in said accumulation of said overall maximum score is adjusted by said associated Weighing factors, normalizing said raW score With said overall maximum score, Whereby a trustWorthy factor score is produced;

25

from a remote location.

16. The method as claimed in claim 1 Wherein said execu

tion of a Zone action handler comprises the step of requiring

speci?c authentication action. 30

[h] g) initializing said trustworthy factor calculator With a 35

produced;

19. The method as claimed in claim 1 Wherein said execu

tion of a Zone action handler comprises the step of prompting 40

[k] j) determining Whether said volume mount point

21. The method as claimed in claim 1 Wherein said execu 45

step of recording said Zone action handler responses for said

computing device.

computer media undergoing authentication. 50

5. The method as claimed in claim 1 further comprising the

24. The method as claimed in claim 22, Wherein said recording of Zone action handler responses is made on said

step of communicating said level of trust Zone value to a user 55

6. The method as claimed in claim 1 Wherein said trustWor

computer media undergoing authentication. 25. The method as claimed in claim 1, Wherein said execu tion of at least one of said Zone action handler comprises the

thy factor calculator loads calculation steps from a remote location. 7. The method as claimed in claim 1 Wherein said trustWor

thy factor calculator loads calculation steps locally from said

23. The method as claimed in claim 22, Wherein said recording of Zone action handler responses is made on said

computing device.

operating system of said computing device. of said computing device.

tion of a Zone action handler comprises the step of prompting a security token card. 22. The method as claimed in claim 1 Wherein said execu tion of at least one of said Zone action handler comprises the

3. The method as claimed in claim 1 further comprising the step of communicating said level of trust Zone value to said 4. The method as claimed in claim 1 further comprising the step of communicating said level of trust Zone value to an

the user for a passWord. 20. The method as claimed in claim 1 Wherein said execu

tion of a Zone action handler comprises the step of prompting for biometric information.

authentication should be permitted or denied based on the result of said Zone action handlers response. 2. The method as claimed in claim 1 Wherein said detecting

a media volume mount point comprises detecting existing volume mount points recogniZed by the computing device.

18. The method as claimed in claim 1 Wherein said execu tion of a Zone action handler further comprises the step of determining Whether the user belongs to an administrative

security group.

scoring matrix, Whereby a level of trust Zone value is i) executing at least one Zone action handler based on said level of trust Zone value, said Zone action handler returning at least one Zone action handler response; and

17. The method as claimed in claim 1 Wherein said execu tion of a Zone action handler further comprises the step of

determining Whether the user belongs to a particular group.

scoring matrix having discrete level of trust Zone values associated With trustWorthy factor scores;

[i] h) comparing said trustWorthy factor score With said

15. The method as claimed in claim 1 Wherein said scoring matrix having discrete level of trust Zone values is loaded

step of recording a validity condition. 26. The method as claimed in claim 25, Wherein said 60

recording of said validity condition is made on said comput

ing device.

computing device. 8. The method as claimed in claim 1 further comprising the

27. The method as claimed in claim 25, Wherein said

steps of: a) identifying devices connected to said computing device;

recording of said validity condition is made on said computer

and

b) loading alternate calculation steps producing score val ues and maximum possible score values associated With

media undergoing authentication. 65

28. The method as claimed in claim 1, Wherein said execu tion of at least one of said Zone action handler comprises the

step of recording a validity period of time.

US RE42,382 E 14

13 29. The method as claimed in claim 28, wherein said

44. The method as claimed in claim 38 wherein said trust

recording of said validity period of time is made on said

worthy factor calculator loads calculation steps locallyfrom

computing device.

said computing device.

30. The method as claimed in claim 28, Wherein said

45. The method as claimed in claim 38further comprising

recording of said validity period of time is made on said

the steps of' a) identifying devices connected to said computing device;

computer media undergoing authentication.

and

31. The method as claimed in claim 1 Wherein said execu tion of at least one of said Zone action handler comprises the

b) loading alternate calculation steps producing score val

steps of:

ues and maximum possible score values associated with

said metadata elements, said alternate loading based on

a) detecting a recorded Zone action handler response; and b) returning a Zone action handler response, based upon

the results of said identi?1ing of devices connected to said computing device.

said recorded Zone action handler response. 32. The method as claimed in claim 1 Wherein said execu tion of at least one of said Zone action handler comprises the

46. The method as claimed in claim 45 wherein said alter

nate calculation steps are loadedfrom said computing device.

steps of:

47. The method as claimed in claim 45 wherein said alter nate calculation steps are loadedfrom a remote location.

a) detecting a recorded validity condition; b) testing for said validity condition; and

48. The method as claimed in claim 38further comprising

the steps of' a) identifying devices connected to said computing device;

c) returning a Zone action handler response, based upon

said testing of said validity condition. 33. The method as claimed in claim 1 Wherein said execu tion of at least one of said Zone action handler comprises the

20

steps of:

a) detecting a recorded validity period of time; b) obtaining a present time; c) determining Whether said present time is Within said validity period of time; and

49. The method as claimed in claim 48 wherein said adjust 25

ments to said scoring matrix are loadedfrom a remote loca tion.

50. The method as claimed in claim 48 wherein said adjust ments to said scoring matrix are loadedfrom said computing device.

d) returning a Zone action handler response, based upon said determination. 34. The method as claimed in claim 1 Wherein said com

puting device communicates With said media through at least

and

b) adjusting said scoring matrix based upon the results of said identification of devices connected to said comput ing device.

30

5]. The method as claimed in claim 38 wherein said scor

one communications channel.

ing matrix having discrete level oftrust Zone values is loaded

35. The method as claimed in claim 34, further comprising the step of receiving a plurality of metadata elements from

from said computing device.

data structures associated With said communications channel. 36. The method as claimed in claim 1, further comprising

ing matrix having discrete level oftrust Zone values is loaded

52. The method as claimed in claim 38 wherein said scor 35

the step of receiving a plurality of metadata elements from

tion ofa Zone action handler comprises the step ofrequiring specific authentication action.

data structures associated With devices abstracted behind said

media volume mount point. 37. The method as claimed in claim 1 further comprising the steps of:

54. The method as claimed in claim 38 wherein said execu 40

a) identifying an external security level indicator; and b) adjusting said discrete level of trust Zone values associ ated With trustWorthy factor scores, based on the results of said identi?cation of external security level. 38. The method as claimed in claim 1, wherein the step of

55. The method as claimed in claim 38 wherein said execu

determining whether the user belongs to an administrative

security group. 56. The method as claimed in claim 38 wherein said execu

tion ofa Zone action handler comprises the step ofprompting the user for a password. 57. The method as claimed in claim 38 wherein said execu 50

volume mount point into said physical storage device address. 39. The method as claimed in claim 38 wherein said detect

ing a media volume mountpoint comprises detecting existing volume mount points recognized by the computing device.

tion of a Zone action handler further comprises the step of determining whether the user belongs to a particular group. tion of a Zone action handler further comprises the step of

deabstracting said media volume mountpoint into aphysical storage device address comprises: a) deabstracting a logical address ofsaid media mount point into a physical disk partition address; and

b) deabstracting saidphysical diskpartition address media

from a remote location. 53. The method as claimed in claim 38 wherein said execu

tion ofa Zone action handler comprises the step ofprompting

for biometric information. 58. The method as claimed in claim 38 wherein said execu

tion ofa Zone action handler comprises the step ofprompting 55

a security token card. 59. The method as claimed in claim 38 wherein said execu tion ofat least one ofsaid Zone action handler comprises the

40. The method as claimed in claim 38further comprising the step ofcommunicating said level oftrust Zone value to

step ofrecording said Zone action handler responsesfor said

said computing device.

computer media undergoing authentication.

4]. The method as claimed in claim 38further comprising the step ofcommunicating said level oftrust Zone value to an

60

60. The method as claimed in claim 59, wherein said recording ofzone action handler responses is made on said

operating system of said computing device.

computing device.

42. The method as claimed in claim 38further comprising the step ofcommunicating said level oftrust Zone value to a user ofsaid computing device.

6]. The method as claimed in claim 59, wherein said recording ofzone action handler responses is made on said

computer media undergoing authentication.

worthy factor calculator loads calculation steps from a

62. The methodas claimed in claim 38, wherein saidexecu tion ofat least one ofsaid Zone action handler comprises the

remote location.

step ofrecording a validity condition.

43. The method as claimed in claim 38 wherein said trust

65

US RE42,382 E 15

16

63. The method as claimed in claim 62, wherein said

70. The method as claimed in claim 38 wherein said execu

recording ofsaid validity condition is made on said comput ing device.

tion ofat least one ofsaid Zone action handler comprises the

steps of.‘' a) detecting a recorded validity period of time; b) obtaining apresent time; c) determining whether saidpresent

64. The method as claimed in claim 62, wherein said

recording ofsaid validity condition is made on said computer media undergoing authentication.

time is within said validityperiod oftime; and d) returning a Zone action handler response, based upon said determina tion. 7]. The method as claimed in claim 38 wherein said com

65. The method as claimed in claim 38, wherein saidexecu tion ofat least one ofsaid Zone action handler comprises the

step ofrecording a validity period oftime. 66. The method as claimed in claim 65, wherein said

recording of said validity period of time is made on said computing device.

puting device communicates with said media through at least 10 one communications channel.

72. The method as claimed in claim 7],further comprising

the step ofreceiving a plurality ofmetadata elementsfrom

67. The method as claimed in claim 65, wherein said

recording of said validity period of time is made on said computer media undergoing authentication.

15

68. The method as claimed in claim 38 wherein said execu

the step ofreceiving a plurality ofmetadata elementsfrom

tion ofat least one ofsaid Zone action handler comprises the steps of.‘' a) detecting a recorded Zone action handler response; and b) returning a Zone action handler response, based upon said recorded Zone action handler response. 69. The method as claimed in claim 38 wherein said execu

tion ofat least one ofsaid Zone action handler comprises the

steps of.‘' a) detecting a recorded validity condition; b) testing for said validity condition; and c) returning a Zone action handler response, based upon said testing of said validity condition.

data structures associated with said communications chan nel. 73. The method as claimed in claim 38,further comprising

data structures associated with devices abstracted behind

said media volume mountpoint. 74. The method as claimed in claim 38further comprising 20

the steps of' a) identi?ing an external security level indica tor; and b) adjusting said discrete level of trust Zone values associated with trustworthy factor scores, based on the

results of said identification of external security level.

Volume mount authentication

Aug 20, 2010 - steps; and. FIG. 10 is a ?oW-chart vieW of the metadata extraction steps. ..... may be found that computing device 3, say a laptop computer,.

1MB Sizes 3 Downloads 48 Views

Recommend Documents

Mount Rushmore.pdf
Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Mount Rushmore.pdf. Mount Rushmore.pdf. Open. Extract.

motor mount plate - GitHub
SHEET 1 OF 1. DRAWN. CHECKED. QA. MFG. APPROVED. ERF. 5/30/2012. DWG NO. SM-S01. TITLE motor mount plate. SIZE. B. SCALE.

Firebase Authentication for Rave
Challenges. Rave is available on iOS, Android, and is currently being developed for VR. It required a platform agnostic login system that would handle.

Mount-Shasta-Sightings.pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Mount-Shasta-Sightings.pdf. Mount-Shasta-Sightings.pdf. Open. Extract. Open with. Sign In. Main menu.

Rough Out - Mount Madonnna - Groups
Mount Madonna County Park, 7850 Pole Line Rd, Watsonville, 408-842-2341. May 23-25 ... There is one huge dumpster but no trash cans where we grill, etc.

Mount Sinai Sailing Association -
Jul 23, 2018 - 1586 Blue Moon. Janhsen,Karl. 174 Rhodes 41. ----. DNC. 3725 Moody Little Sister Hegreness,Mark 174 J-24. ----. DNC. 5358 Anomaly.

pdf-1399\biometric-technology-authentication-biocryptography-and ...
... of the apps below to open or edit this item. pdf-1399\biometric-technology-authentication-biocryptography-and-cloud-based-architecture-by-ravi-das.pdf.

Authentication in NGN networks
servers using different technologies: OSA/Parlay,. Parlay X, SIP CGI, ... IMS has become the core component within 3G, cable TV and next generation networks.

Exploring Games for Improved Touchscreen Authentication ... - Usenix
New York Institute of Technology ... able in the Google Play Store on an Android device while ... We developed a Touch Sensor application for Android based.

Mount Mystics Trip of the Month - 12 ... - Mount Saint Vincent University
Sep 15, 2014 - contact list, please check here , call 902-45. 7-6370, or email ... Rosaria Student Centre, Room 127. Halifax, NS ... PHONE: 902-45. 7-6420.

x 509 authentication service pdf
x 509 authentication service pdf. x 509 authentication service pdf. Open. Extract. Open with. Sign In. Main menu. Displaying x 509 authentication service pdf.