Generally, universal serial bus (USB) ports provide a serial bus standard for connecting devices to computers. Most modern computers include at least one, and usually a plurality of USB ports. USB ports are used to connect peripherals such as mice, keyboards, scanners, digital cameras, printers, external storage, etc.
Anyone with access to a computer's USB port can plug a portable flash drive or other mass storage device into the port and attempt to download information from the computer. Unauthorized downloading of information from the computer is a security problem. Intentional or unintentional downloading of malicious code from a plugged-in USB device is another critical security problem.
US Patent application 2008/0041125; USB PORT LOCKING AND BLOCKING DEVICE, to Carl Poppe, discloses a mechanical lock for USB ports.
PCT application WO2013042108; SECURITY PLUG FOR PREVENTING ACCESS TO A USB SOCKET AND SECURED USB DEVICE, to Zeuveni Zadok, discloses a security plug for preventing access to a USB socket adapted to complete an electrical circuit when inserted into the USB socket such that its removal from the USB socket breaks the circuit and is detected by a host computer.
This plug requires adaptation of the computer-side USB interface. It also deviates from modern USB standards and therefore may not be implemented in USB 2.0 or 3 interfaces.
A mechanical lock for USB port (“USB Port Lock with Blockers”) is available from Kensington: Kensington Computer Products Group, A Division of ACCO Brands, 333 Twin Dolphin Drive, Sixth floor, Redwood Shores, Calif. 94065 (www.kensington.com). This method of protection requires the use of one master key (physical key) or a large set of keys for each one of the computers. It also does not offer an effective solution to the protection of USB ports that must be used for keyboard and mouse.
Another mechanical lock for USB port (“USB Port Blocker”) is available from Lindy (LINDY USA, 14327 Bledsoe Rd. Athens, Ala. 35613; http://www.lindy-usa.com/). This method suffers from the same disadvantages as the previous mechanical lock.
Security software that locks and manages the USB ports is available. However, as with any software-based security measure, this software may be bypassed, for example if the computer is infected, or if the abuser has obtained administrator permissions. DeviceLock® manufactured by DeviceLock, Inc. of San Ramon, Calif. 94583, USA provides network administrators the ability to set and enforce contextual policies for how, when, where to, and by whom data can or cannot be moved to or from company laptops or desktop PCs via devices like phones, digital cameras, USB sticks, CD/DVD-R, tablets, printers or MP3 players. Administrators can control which users or groups can access USB and other removable and Plug-and-Play devices. Devices can be set in read-only mode while controlling access to them depending on the time of day and day of the week.
For example, USB flash drive control software may be downloaded from http://www.softpedia.com/get/System/System-Miscellaneous/USB-Port-Blocker.shtml. USB blocker software may also be obtained from iSM—Institut für System-Management, Oldendorfer Str. 12, 18147 Rostock, Germany (http://www.usb-blocker.com/).
Co-pending application number 937,581/13 to the same inventor, titled “electro-mechanic USB locking device”, depicts an electromechanical USB port protection device capable of mechanically blocking an unused USB port, thus preventing the connection of any USB device to that port. Removal of the device requires electrically energizing the lock using a security code. Security software provides scalable and secure centralized key management. The device provides clear and continuous visual indications to the user when the device is secure. A derivative of the device secures a USB cable to the computer USB port.
US application number 20130067534 to the same inventor, titled “Computer motherboard having peripheral security functions”, discloses a secure motherboard for a computer, wherein each user-accessible peripheral port is protected by hardware-based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforces unidirectional data flow only from the user input devices to the computer. This protection method is not easy to implement outside the manufacturing plant.
Co-pending application Ser. No. 14/306,352 to the same inventor, titled “USB security gateway”, discloses a USB gateway connected to a plurality of host computers, having a USB device port connected to a peripheral device, and a security circuitry. The security circuitry comprises: a pre-qualification microcontroller; and a mode select switch connected to the peripheral device port and selectively connecting it to one of: the pre-qualification microcontroller; or a host selector switch that switches among the plurality of connected host computers.
Additional background information may be found in the following patent applications to the same inventor:
US 20140053256 User authentication device having multiple isolated host interfaces.
US 20110145451 Isolated multi-network computer system and apparatus.
US 20140015673 Secure peripheral connecting device.
US 20140019652 Secure km switch.