The present invention relates generally to securing the digital content of computer networks, and, more particularly, to a method and system for securing personal computing devices from unauthorized data copying and removal.
The information and knowledge created and accumulated by organizations and businesses are arguably among their most valuable assets. As such, managing and keeping the information and the knowledge inside the organization is of paramount importance for almost any organization, government entity or business, and provides for significant leveraging of its value. Most of the information in modern organizations and businesses is represented in a digital format. It is well known that digital content may be easily copied and distributed (e.g., via e-mail, instant messaging, peer-to-peer networks, file transfer protocol (FTP), portable media and websites), which greatly increases hazards such as business espionage and data leakage.
Some of the actions performed by a user on an accessible personal computer (e.g., saving a confidential document under another name, copying some of the information to another document, printing the document, or copying or moving a file that contains confidential information to portable media) may not comply with the organizational policy regarding confidential information, and may cause a harmful leakage of confidential information. This poses a particular problem, given the recent proliferation of high-density USB (Universal Serial Bus) flash drives. USB flash drives (also referred to as “memory keys”) are NAND-type flash memory data storage devices integrated with a USB interface, and are typically small, lightweight, removable and rewritable. The present memory capacity of commercially available USB flash drives typically ranges from about 8 megabytes to about 64 gigabytes.
USB flash drives have several advantages over other portable storage devices, such as floppy disks and compact discs. They are generally faster, hold more data, and are considered more reliable, due to the lack of moving parts therein. These types of drives use the USB mass storage standard, and are supported natively by modern operating systems such as Linux, Mac OS X, and Windows XP.
More specifically, a flash drive consists of a small printed circuit board encased in a robust plastic or metal casing, making the drive sturdy enough to be carried about in a pocket, as a keyfob, or on a lanyard. Only the USB connector protrudes from this protective casing, and is usually covered by a removable cap. Most flash drives use a standard type-A USB connection, allowing them to be connected directly to a port on a personal computer. In addition, most flash drives are active only when powered by a USB computer connection, and require no other external power source or battery power source. To access the data stored in a flash drive, the flash drive must be connected to a computer, either by direct connection to the computer's USB port or via a USB hub.
Flash drives present a significant security challenge for large organizations. Their small size and ease of use allow unsupervised visitors or unscrupulous employees to smuggle confidential data out with little chance of detection. In order to prevent this, some organizations may forbid the use of flash drives altogether, while some computers are physically configured to disable the mounting of USB mass storage devices by ordinary users. In an even “lower-tech” security solution, some organizations may actually disconnect USB ports inside the computer or fill the USB sockets with epoxy. However, it would be desirable to be able to provide a more robust solution to unauthorized data copying in the event that certain authorized computers and/or individuals within an organization require the use of such devices.