Security is a critical issue with almost all aspects of computer use. Memory storage systems, such as hard disk drives on computers, contain valuable information which is vulnerable to data theft. A great deal of money and effort is being applied to guarding personal, corporate, and government security information.
As portable memory storage devices have become smaller, easier to lose, more ubiquitous, cheaper, and larger in memory capacity, they have come to pose extraordinary security problems. It is now possible to download massive amounts of information surreptitiously into portable memory storage devices, such as universal serial bus flash and micro drives (USBDs, including portable HDD/SSD, etc), cellphones, camcorders, digital cameras, iPODs, MP3/4 players, smart phones, palm and laptop computers, gaming equipment, etc.
More specifically, there are millions of USBDs being used for backup, transfer, intermediate storage, and primary storage into which information can be easily downloaded from a computer and carried away. The primary purpose of any USBD is to store and retrieve that “portable content”, which is data or other information tied to an owner and not to a particular computer. A host computer is only a way to access and manipulate the portable content. USBDs are commonly connected to different computers in various environments that are security-uncontrolled and potentially security-hostile.
The affected user community is huge. Every aspect of society is already vulnerable to security leaks and data compromise due to USBDs being lost or stolen along with the information they contain. Because many memory storage systems lack the necessary security, financial databases, medical records, business records, national security information, in short any confidential information, can be exposed and distributed to unauthorized individuals. Private, government, military, and corporate institutional users are all concerned with being able to secure information on portable, easy-to-lose or steal USBDs.
The most common means of providing mass storage security on a computer is to incorporate a password that is accessed via a software application. Password security provides little deterrent to anyone willing to use readily available hacking techniques to get at the data. There are a number of current methods used to gain access to secure memory lock systems, such as key loggers and universal serial bus (USB) “sniffers.” These can be installed on a target computer without the user's knowledge. Once a password or security exchange has been captured, it can then be sent to a malicious source.
More recently, biometric password systems have been incorporated into some memory lock systems and other computer peripherals, like keyboard, mouse, dedicated security devices, etc. However, as noted in many sources, even the manufacturers of these biometric protected devices are not willing to guarantee security.
In industry, while password and biometric systems are capable of protecting mass storage content, they can hinder corporate productivity. In an effort to prevent identity theft and unauthorized access to computer systems, it is industry practice to use different login names and passwords for each unique account. In addition, it is common practice to change passwords at regular intervals. However, this is time consuming, requires highly qualified information technology (IT) administration, and causes problems when passwords are forgotten.
Information cannot easily be exchanged within an organization, as passwords need to be shared in order to access shared systems. A biometric shared system must learn the “fingerprints” of everybody that needs access.
Since information is easily transported outside a facility, institutions are creating policies that prohibit the use of portable memory storage devices within the confines of an institutional wide network and with company owned equipment. The fear is that portable memory lock systems can pass through conventional security screens. Thus, it becomes very easy for confidential information to get transferred to one of these devices, leave the premises, and get lost or stolen.
Some companies offer prevention with “port management” techniques, for example, by disabling unwanted peripherals connected to their network with end-point security (“port management”) software or epoxy applied to USB ports (to “block” the ports). End-point security software grants permission for authorized USBDs while rejecting all others. All these solutions still present problems.
Solutions to these problems have been long sought but prior developments have not taught or suggested any solutions and, thus, solutions to these problems have long eluded those skilled in the art.