Introduction
The description of the various aspects and embodiments of the present invention relates to detachable memory devices that contain both executable files and data and that are intended to be used by enterprises. If you have ever been to a DISNEY theme park, there is no doubt that you found yourself crowded into the little fiberglass boat, floating on rather peculiar blue water, through a series of animated creatures representing several nationalities across the globe, all singing the catchy little tune “It's a Small World After All”. Well, as technology continues to advance, not only is our world growing smaller, but the majority of the technology devices we use on a day-to-day basis are also growing smaller. It was not all that long ago that a system administrator could stand in awe of the 3 gigabyte drive system installed on his mainframe computer—even though the drive system was the size of a standard refrigerator! Today, kids are walking around with 60 gigabyte iPods in their shirt pockets. You cannot argue against the facts—things are getting smaller.
Desktop computers gave way to luggable computers, which led to laptop computers, notebook computers and now even hand-sized computers. But even with all this shrinkage, there is still a need and a desire to be able to travel without having to take your computer with you—regardless of its size. There are many reasons for this need in the art. An obvious reason is that every time you take your computer around with you, you run the risk of damaging the computer, losing the computer or becoming a victim of a theft. Yet, there is still a need in the art to enable a user to have access to his or her computing environment, data, applications, or the like when they are outside of their home or office environment.
One technique that has been introduced to address this problem depends on the use of the Internet and technologies such as VPN, PC ANYWHERE, XP Remote Desktop, etc. Such solutions allow a user to actually gain access to his or her home computing environment while they are at a remote location. The user simply needs to gain access to an Internet-enabled computer. This technique has some disadvantages. One disadvantage is that the computers available to the user may have access restrictions, especially with regard to accessing other systems over the Internet. Thus, the existence of filters, firewalls, etc. may restrict the usefulness of this solution.
Another technique to address this problem takes advantage of the ever-shrinking size of memory devices. This technique utilizes USB-based memory devices that can be used to store data, applications, environments, frameworks, or the like. Using this technology, a user can plug his or her USB memory card into a USB-equipped computer and thereby gain access to the information stored on the USB memory device. The frameworks that are installed in the USB memory device are adapted to run applications that are associated with one or more configuration files or data that are stored in the USB memory device. For example, the framework application may be a launch pad application. Such a feature converts the USB memory device into a smart external memory device (SEMD). The applications that are controlled by the frameworks can be stored in the SEMD or in another internal or external storage device, such as but not limited to a hard disk that is associated with the computer. Several SEMD products are currently available on the market, such as but not limited to U3, Iomega Active Disk, and the X-KEY devices.
In general, the SEMDs are flash drives with a USB interface. More specifically, and as described on the U3 website at www.u3.com, U3 devices are flash-drive-based USB devices that can contain zero or more U3-based applications. A U3 application is a software application that is tuned to run from a U3 device. While the U3 application is running, the U3 application has access to most of the host computer's resources, such as but not limited to the volume of the device, the system's registry, the network adapters, etc. The U3 platform, as well as similar solutions, provides several advantages. First of all, it provides an elegant solution for application mobility. With such technology, software applications are not tied to a single machine. Rather, the software can run off any appropriately equipped and configured device without installation on the host computer. In addition, most software applications can be converted into a mobile application with minimal developer effort and without application coding or recoding.
As an example to further the reader's understanding, a typical application cycle based on the U3 technology is described as consisting of the following stages:
1. Device installation—the U3 application is installed onto the USB flash memory device.
2. Host installation—the U3 application is installed onto a specific host after the device is plugged into the host.
3. Start application—the U3 application starts running from the host.
4. Stop application—the U3 application stops running from the host.
5. Host uninstall—the U3 application should delete all its traces from the host machine once the device is removed from the host or while being ejected.
6. Device uninstall—the U3 application is deleted from the device.
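The six-stage cycle above can be checked mechanically, which is useful for spotting the case where stage 5 is skipped and an application is left behind on a host. The following is an added example, not code from the U3 platform or from the original text; the event names, the `device_removed` event and the `(host, app, event)` log format are assumptions made for illustration.

```python
from collections import defaultdict

# Host-side part of the cycle (stages 2-5): state -> {event: next state}.
HOST_FSM = {
    "absent":    {"host_install": "installed"},
    "installed": {"start": "running", "host_uninstall": "absent"},
    "running":   {"stop": "installed"},
}

def audit(events):
    """Check one device's log of (host, app, event) tuples; return findings."""
    on_device = set()                            # apps past stage 1
    host_state = defaultdict(lambda: "absent")   # (host, app) -> state
    findings = []
    for n, (host, app, event) in enumerate(events, 1):
        if event == "device_install":
            on_device.add(app)
        elif event == "device_uninstall":
            on_device.discard(app)
        elif event == "device_removed":
            # Stage 5: nothing from this device may remain on the host.
            for (h, a), state in list(host_state.items()):
                if h == host and state != "absent":
                    findings.append((n, f"residue: {a} left {state} on {h}"))
        else:
            nxt = HOST_FSM[host_state[(host, app)]].get(event)
            if app not in on_device or nxt is None:
                findings.append((n, f"out of order: {event} for {app} on {host}"))
            else:
                host_state[(host, app)] = nxt
    return findings

# Constructed sample log (hypothetical hosts and apps, not from a real device).
SAMPLE = [
    (None,    "mail",  "device_install"),
    ("hostA", "mail",  "host_install"),
    ("hostA", "mail",  "start"),
    ("hostA", "mail",  "stop"),
    ("hostA", "mail",  "host_uninstall"),
    ("hostA", None,    "device_removed"),   # clean removal
    ("hostB", "mail",  "host_install"),
    ("hostB", "mail",  "start"),
    ("hostB", None,    "device_removed"),   # pulled while still running
    ("hostC", "notes", "start"),            # never installed on the device
]

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"event {n}: {msg}")
```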
Thus, the reader should appreciate that the SEMDs provide an elegant solution to the above-identified needs in the art; however, it should be understood that such devices also have significant security issues, both for enterprises and for private consumers. These security issues include, but are not limited to, the following security concerns.
1. The SEMDs, in essence, appear as an unsecured storage volume once installed into a host system. As such, every application of the host computer can access the data that is stored on the SEMD. This characteristic of the SEMDs actually raises two concerns. First of all, enterprises may be concerned that confidential information may be written to the SEMD and thus result in data leakage. In addition, the enterprise may be concerned about the introduction of unfiltered data and applications into the organization's network.
2. The SEMDs are a convenient tool for housing large volumes of data, such as documents, mail and appointments. If a device being used as such is lost or falls in the wrong hands, all this data is compromised.
3. Because the network is generally a core element for the operation of most enterprises, an enterprise may want to control the applications that are run on its systems. Thus, the use of SEMDs may introduce unwanted applications and problems into the system.
4. An enterprise may decide that the use of SEMDs is acceptable for the system, but the administration may decide that only company-issued SEMDs can be utilized within the system. However, such a capability does not currently exist in the industry and, as such, once the ability to utilize the SEMDs is enabled, users are able to purchase their own SEMDs and utilize them in the enterprise's system.
5. Finally, an enterprise may simply want to control the SEMDs that run on their system but again, presently a solution to restrict this does not exist.
Therefore, there is a need in the art for a security solution that will handle all the major security concerns that the SEMDs introduce and thus, further promote the advantages of using such devices.