Existing computer systems have a number of ports for connecting different types of peripherals, which serve the user interface, the connection to other computer systems, and data storage.
The integrity of these computer systems can thus be breached by physically connecting peripherals that contain malicious data to the ports of these systems, even without the knowledge of the user.
This can be the case in particular with USB (Universal Serial Bus) peripherals. USB ports are universal ports of the “multifunctional” type, meaning that they can accept a whole range of peripherals of different types, for example network interfaces, storage elements of the USB key type, keyboards, mice, webcams, etc.
The universal character of these ports is advantageous in terms of flexibility of connection and of the functions such an interface supports. It proves problematic, however, in an environment where security is paramount, because it allows peripherals containing malicious data to be connected to the USB ports of critical computer systems to which access must be protected.
A malicious (or negligent) user of such a peripheral, containing for example undesirable data, can thus take (or, respectively, lose) control of a critical computer system, install viruses on it or record confidential data from it, thanks to the mere presence on this system of USB ports to which this type of peripheral can be connected.
It is not possible simply to prohibit the use of these universal ports, inasmuch as they are necessary for the use of certain essential peripherals, such as mice or keyboards.
In order to address this problem, software solutions have been proposed in which certain types of peripherals have access to certain functions, access to the functions being managed purely through the software. Thus, application US 2006/0037084 discloses a system for controlling access to different USB ports for a certain number of functionalities, selected and configurable dynamically by means of an operating system using stored configuration information.
However, these software solutions have the disadvantage that they are complex to manage and can be circumvented through vulnerabilities associated with the operating system used and the manner in which it manages these peripherals, or the manner in which the computer system is administered. The user of a peripheral containing malicious data, by taking control of such an operating system, can then reconfigure the functions to which the USB ports have access and gain access to the computer system with said peripheral, or even distribute the malicious content over the computer system or via the administrator rights of the system.
A purpose of the present invention is to overcome the aforesaid drawbacks.