AU2008203807B2 - Method for securely auditing and managing computers - Google Patents
Method for securely auditing and managing computers Download PDFInfo
- Publication number
- AU2008203807B2 AU2008203807B2 AU2008203807A AU2008203807A AU2008203807B2 AU 2008203807 B2 AU2008203807 B2 AU 2008203807B2 AU 2008203807 A AU2008203807 A AU 2008203807A AU 2008203807 A AU2008203807 A AU 2008203807A AU 2008203807 B2 AU2008203807 B2 AU 2008203807B2
- Authority
- AU
- Australia
- Prior art keywords
- computer
- flash drive
- identifier
- 64bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This invention establishes a method for securely auditing and managing a network of local and remote computers using a flash drive manufacturer's 5 permanent 64bit identifier. Cryptography applied to the flash drive's 64bit identifier is used to protect data on the flash drive, on a managed computer and data transmitted across the internet. The invention uses the 64bit identifier in a flash drive to serve as an 10 alternative to a proprietary security identifier and associated reader for enabling secure controlled access to the performance of a management task. This invention targets the market requirement of federal investigation bureaus, private security organizations and IT maintenance staff in charge of a 15 global network of computers. CD 0 _CD M > =;r 3 3 03 m 0 C) 0 cn m m 3 0 GI 0 CD -0 CD cn 0 =y- CD :3 N CD .4 CC CD D CD to Do 3 0 6 0 0 -IS CD cc COD D CD :2 - :3 G) (D Cu :2 X- a) (D =3 -0 3 CD =3 r . a) CD CD 3 CD a =T cn c M 0. Jul (A co < K) *F(D CD x -P , 0 0) cr =r =3 0 CL ;:W CC CD 0 0 F, 0 CL 0 CD =b A. 0 U) (n 0) CD CD ku CL 0 (n (n CD C/) < 0 -n jE 0 m m =r h (a. CD (n CD M. (n < =r CD 0 CD 0 T a) cp a) C/) cn cr cn t CD (n cn U) 0 0-3 3 (n (n -0 CD CD a) -i. (n o m 0 CL 0 CD T G) - 3 CD CD 0 (n 0 = cn a < Cl) 0 0 < 0) 0 =3 cc ED Cl) U) 0 0 CD 0 CD Cc --IL -, CD l< CD 3 Q. = 6 CD 9 V 0 CID C ,)' 3 IR- ? U) 0 3 %< 3 cn 3 CD 0 0 0 cn CD 0 w O-OL @ 07 = c :3 C: F #L =r _0 CD a cn Lu. c cn -n CD 0 cn W CD 0 - r+ CD --% cr 5. CD 0 < CD CD CA CD -n 3 cn =3 CD CD CD CD CD CD w o -0 3 cD 0 c L. '5 - (CnD CA a -11 cn r 0) < U) Cn =3 En CL w 0 3 CD CL U) CD IF cn 0* _0 w L-V CD Eo-"4 cn V CL - m 1-0. :3 =3 U) :3 n o c o CL _q Co 0 C)- 0 "71 N o 0 CL 0 _0 cn -0 w cn cn CD , -n -j 0 CD 0 CD :3 CD (n (n CL :3 _0 M. CL -* 0. 0 a cn CL CD CL 0 a 0 CD :3 -=-,) * = 0 CD 5- CD (D g Q) CD W- 0) . Q. CD 3 u) =r CD CL CD o "a CD w (n 0 -1- CD U) 0 6 =b 0 CD co cz =r CD -n cn -n w cn 0 cn cn cn CD 0 C/) w =r M 0 (n :3 -+L I CD 3 0 -0 0 2 Z i 0. QL 3 cD cQ :3 o :3 ::r w 70 CCD 'D. [Z :C:Dr CD 3 m 3 0 CD 07 c U) CD CD CL C: CD -, 0 < :3 cD CD M CL a) CD w cn 0 < =r CD u S 0 CL CD (n CL =r 0 ,) 0 7 =r] CL =r , CD (n CD 0 CD 0 o CL cn 0 ::r cn CD C: F l ::r
Description
I DESCRIPTION FIELD OF THE INVENTION 5 This invention establishes a method for securely auditing and managing a network of local and remote computers using a flash drive manufacturer's permanent 64bit identifier. Cryptography applied to the flash drive's 64bit identifier is used to protect data on the flash drive, on a managed computer and data transmitted across the internet. Auditing is maintained by each computer 10 periodically transmitting its IP address to the user via an email service. Management is maintained by using the IP address to communicate instructions to each computer via an FTP service. The permanent manufacturer issued 64bit identifier on each flash drive 15 provides a highly secure key that effectively replaces a task generally performed by a purpose built, proprietary security identifier i.e. controlling who has access to computers under management. Proprietary identifiers commonly only offer a 32bit key, so our 64bit alternative improves on the security afforded whilst also removing the considerable expense in deploying these identifiers and their associated 20 readers for a controlled access application. This invention seeks to replace the function usually provided by a proprietary identifier and its associated reader with an alternative that is both inexpensive and readily available on most computer systems. 25 The method does not need to employ any internet based server and protects the privacy of the user as no personal or transactional data are recorded 2 by a third party. Deployment of a user email account to maintain the audit allows each user to completely control their data. Management includes the ability to launch bespoke programs, download 5 software updates, send and receive messages or any other maintenance tasks. It also allows broadcasting a message to any or all audited computers. Management may also be used to initiate contact with an audited computer that cannot be contacted by any other means, or even to gain access to a lost audited computer that may have been discovered by a third party. Downloadable instructions may be 10 prepared at any time, even after a managed computer is no longer physically accessible and located anywhere in the world. This invention is of particular use to security organizations using this method to secretly manage computers belonging to multiple organizations and who further 15 need to send or install updates or send messages without prior knowledge of the whereabouts of the computer or the agent to whom it is has been assigned.
3 BACKGROUND OF THE INVENTION 5 This application claims benefit of Australian provisional application No. 2007904861, filed Sept 9, 2007, incorporated herein by reference. The invention relates to a system and method for securely auditing and managing a network of local and remote computers using a manufacturer's 64bit 10 identifier imbedded permanently in a flash drive. Cryptography applied to the flash drive's 64bit identifier is used to protect data on the flash drive, on a managed computer and data transmitted across the internet. Auditing is maintained by each computer periodically transmitting its IP address to the user via an email service. Management is maintained by using the IP address to communicate instructions to 15 the computer via an FTP service. Though there are a number of systems available to discover a computer's location in the event of loss, there were no prior art examples discovered of systems that specifically provided a continuous audit trail as may be useful to a 20 federal investigation bureau, private security organizations or IT maintenance staff in charge of a global network of computers. Searches have revealed a number of inventions that endeavour to locate computer equipment in the event of loss, and others that attempt to locate flash 25 drives in the event of loss. These inventions do not presently provide a continuous audit to profile the activities of, or provide remote management for a global network of computers. In these discovered inventions, none appear to use the 64bit 4 identifier imbedded in the flash drive to provide security so that management can only be initiated from a single unique location i.e. by the holder of the flash drive with the 64bit unique key. 5 Patents examined consisted of both server based and email based solutions. U.S. Pat. No. 6,269,392, No. 6,925,562 and No. 6,950,946 are examples of server based solutions. A server based solution is one where a central internet 10 based server exists which centrally manages the details of all the computers being serviced. These solutions are designed to track lost computers and continuous auditing is restricted to a loss event. Continuous auditing is generally not offered as a service option, as such would increase the cost of server bandwidth to a level where providing the service may become uneconomical. The rising cost of internet 15 based infrastructure and widespread scalability limitations has resulted in the recent failure of many large internet based services; the only provider to date with a blemish free record appears to be Google. Our invention circumvents the dependence on a server by offering a distributed email processing model which in turn leverages upon Google's highly dependable mail service infrastructure. 20 Even if these server based solutions were able to be scaled up to provide full auditing, use of this solution would create a privacy issue for federal investigation bureaus, as the use of a central server would mean that a third party would be privy to, what may be a sensitive auditing or management task. 25 Furthermore the passing of management requests via third party internet server would necessarily add response delays common when a task is delegated to a third party, especially where that party may be an international overseas company operating in a different time zone. The ability to respond to a global event immediately is usually critical for security endeavours, and immediacy is assured 30 by the method promoted in our invention.
5 Additionally, clients of these services must pay expensive monthly or yearly fees to assist in maintaining the global infrastructure. Our invention avoids this cost and provides an equivalent service at a fraction of the cost. 5 Lack of privacy, delays in actioning bespoke requests and high service costs are the main reasons why federal investigation bureaus and security organizations appear to be reluctant to subscribe to these services, as suggested by the frequency of recent newspaper articles citing examples of unrecoverable, unaudited and misplaced military and government computers. 10 Email based solutions have different limitations to the server based model, which our invention effectively addresses. Patents using an email model appear to be less common than those using the server model. 15 Email based U.S. Pat. No. 20030145090 appears initially not to depend on a monitoring system (or server). This patent has restricted application as an auditing tool, because its basis for triggering audit recording is the noting of an IP address outside a fixed list of known addresses. This means that an alarm is raised whenever the computer is used at an unregistered IP address. Such logic is useful 20 where one is monitoring computers that all reside at known locations, but not at all suitable for monitoring mobile computers. Such a system could not be adapted for continuous auditing as its application logic depends on the online "control centre" that manages the valid set of permitted IP's for each computer. Use of the online "control centre" also reveals the existence of a central server, so that the solution 25 inherits privacy issues incumbent in the server based models. US. Pat No. 20070271348 is an invention used primarily to track lost flash drives and not for auditing or managing networks of computers. Although appearing not to use an internet based server, this invention does deploy, as a 30 backup, a number of private email relay servers to re-transmit emails, if early 6 attempts fail. Consequently this solution inherits the privacy issues incumbent in server based models. Furthermore, the patent relies upon the attached computers operating system's ability to respond to an auto-start (i.e. using "autorun.inf") to initiate its emailing process. Unfortunately for the inventor, current incidences of 5 computer viruses using this loophole for infecting computers, has seen the auto start option either locked or securely vetted by most systems today. Our invention circumvents this limitation by using an internal operating system service to trigger its processes. Our invention also obtains permanent firewall access permissions via the user as part of the installation process. This option is not available to the 10 patent protecting a flash drive memory device using "autorun.inf' as it is likely to be introduced to a great number of computers with varying firewall settings. Furthermore, patent No. 20070271348 claims that "said email address is an email address that is designated by said electronic device owner" which creates an email send anomaly when the computer is relocated from the user's primary network 15 provider as may occur if the computer is moved to a motel. An email sent from an account subscribing of one internet service provider is generally blocked if an attempt is made to send the same via another internet provider. Even though patent No. 20070271348 seeks to resolve this anomaly by using the multiple email relay servers noted above, our solution provides a marked improvement by 20 sending mail directly via the Google mail service, which can receive mail from virtually any location. JAPAN Pat No. 2005-215732 is an invention used primarily to track lost devices and not audit or manage computers. Unlike the examples above, this 25 patent's email solution does not appear to use any form of internet based host and consequently maximises user privacy. However the solution lacks our novelty in that it does not use the flash drive's permanent 64bit identifier as a basis for encryption. This patent uses the commonly applied electronic certificate and secret key system which performs PKI (Public Key Infrastructure) method and encryption. 30 This involves placing a software key on the flash drive, which has the disadvantage 7 of being able to be copied to another flask drive, so that an uncontrolled duplicate key may therefore exist. Our invention protects against this as an internal flash drive 64bit identifier cannot be duplicated. This patent is also not suited to computer maintenance as there is no feature to allow remote maintenance 5 instructions to be performed. Other prior art solutions analysed include, U.S. Pat. No. 5,898,391, No. 6,244,758, No. 6,300,863 and No. 6,940,407. These have not been elaborated upon for, as above, they are not readily adaptable to provide the facilities afforded 10 by our invention, and even if so adapted, do not include within their scope, the highly secure fixed hardware based identifiers essential for maintaining the confidence and trust of federal investigation bureaus, security organizations and IT maintenance staff. 15 Where prior solutions do provide, or could be adapted to provide auditing, they have the additional task of distributing that audit without subjecting the user to a possible security breach if emails fall into the wrong hands. Our invention prevents such a breach by ensuring only one person has the ability to decrypt the secure data in the email i.e. the holder of the flash drive. 20 Unlike our solution, email based prior art solutions examined appear to rely on raw email header extraction method to discover IP information. This procedure requires analysis of the source code of each received mail, which generally includes many relay IP addresses, and only one possible correct IP, which 25 incidentally may be correct or may be incorrect, as IP addresses can be cloaked by some networks. Our solution directly accesses the internet and obtains a single verified and properly formatted IP address. Because the raw extraction method requires complex analysis of the email 30 header, it is not a solution that can be passed on to a user for immediate use. Our 8 solution creates data that is immediately useful to non-technical staff. Our method provides advancement over existing solutions by using the IP reference site reflection process described herein. IP information is determined, formatted and presented directly to the user via email in a readily auditable form. 5 The procedure used in this method creates a formal highly trusted model from which to conduct secure auditing and management. Thus, our method uses known and new technologies in a unique and novel 10 method to overcome the shortcomings in auditing, cost, privacy and speed in existing auditing methods and creates a useful solution for federal investigation bureaus, security organizations and IT maintenance staff managing global networks.
9 OBJECTS OF THE INVENTION It is an object of the present invention to provide a solution to alleviate one or more of the above disadvantages and provide a user with a useful or 5 commercial alternative to existing solutions available to audit and manage a network of local and remote computers. It is a further object of the present method to provide a highly secure method to audit and manage these computers.
10 BRIEF DESCRIPTION OF THE DRAWINGS 5 By way of example only, preferred embodiments of the invention will be described more fully hereinafter with reference to the accompanying figures, wherein: FIG. 1 is a flow diagram illustrating installation in a computer of the method according to some embodiments of the present invention. 10 FIG. 2 is a flow diagram illustrating the transfer of data and instructions from each computer, according to some embodiments of the present invention. FIG. 3 provides examples of identifiers used, according to some embodiments of the present invention. 15 DETAILED DESCRIPTION OF THE ILLUSTRATIVE EMBODIMENT The present invention relates to a system for auditing and managing computer equipment. The invention can collect specifications concerning major elements within a computer and write them to an encrypted file. Furthermore, the 20 system can inconspicuously send emails including a computer's IP address. Elements of the invention are illustrated in concise outline form in the drawings, showing only those specific details that are necessary to understanding the embodiments of the present invention, but so as not to clutter the disclosure with excessive detail that will be obvious to those of ordinary skill in the art in light of the 25 present description.
11 In this patent specification, adjectives such as first and second, left and right, top and bottom, etc., are used solely to define one element or method step from another element or method step without necessarily requiring a specific relative position or sequence that is described by the adjectives. Words such as 5 "comprises" or "includes" are not used to define an exclusive set of elements or method steps. Rather, such words merely define a minimum set of elements or method steps included in a particular embodiment of the present invention. One embodiment of the present invention is described below with reference to FIGS 1, 2 and 3. 10 FIG 1 is a flow diagram illustrating installation in a computer of the method according to some embodiments of the present invention. An auditing method 100 uses computer readable medium of a unique memory storage device in the form of a data storage device. The data storage device in this embodiment is a flash drive 120, however any data storage device that includes a permanent unique identifier 15 may be used. The flash drive 120 has an identifier in the form of a manufacturer's permanent 64bit identifier. The manufacturer's 64bit identifier is unique to the drive 120 and cannot be deleted, changed or duplicated on another similar device. The auditing method 100 includes software installed on the drive 120. The auditing method 100 in this embodiment uses a Microsoft DotNet 2.0+ 20 framework and a "Gmail" web-based email service 219, which framework and service are well known to persons skilled in the art. At block 221, before inserting the flash drive 120 into a computer 110, a user must ensure that a valid "Gmail" account has been set-up. The computer 110 may be a desktop, laptop or any other form factor with a flash drive port. The computer is typically a Personal Computer 25 running a Microsoft Windows Operating System, however almost any computer and almost any operating system may be used. At block 222 if a "Gmail" account has not been established then the user creates one. Similarly if the Microsoft DotNet framework 2.0+ has not been installed on the computer 110, instructions for installation are provided.
12 At block 200, the system 100 is configured on the computer 110. At block 201, the user runs a setup program located in a folder on the flash drive 120. The setup program performs an installation process adding necessary files to the computer 110, which files are hidden from the user and any potential unauthorised 5 users. At block 202, the install process authenticates the flash drive 120 by checking that an encrypted data file is able to be read using an algorithm based on the flash drive manufacturer's permanent 64bit identifier. At block 203, if the encrypted data and the flash drive manufacturer's permanent 64bit identifier do not 10 match then the installation process is halted. This ensures that the software has not been duplicated onto a different flash drive. The software is not installed in a traditional manner and cannot be viewed in a conventional list of installed programs on the computer 110, such that the software is effectively not obvious in the operating system. For example, the 15 software is not shown under the add/remove programs listing in the control panel of Microsoft Windows XP. At block 204, system configuration data in the form of system specifications of the computer 110 are read using the Microsoft DotNet 2.0+ framework Windows Management Instrumentation (WMI). WMI is able to gather the details of installed 20 hardware and installed software of the computer 110. For example, system specifications that may be collected from the computer 110 are: - Computer Name - Computer Manufacturer - Computer Model 25 - Computer Version - Computer Serial Number - Computer Unique Universal Identification (UUID). A unique 128bit 13 identifier - Bios Name - Bios Serial Number - Bios Release date 5 - Bios Version - Bios Manufacturer - Operating System Type - Operating System Version - Operating System Registered User 10 - Operating System Serial Number - Operating System Details - System Type - Physical Memory - List of attached Disk Media 15 - Windows Folder Name At block 205, fields are provided so that the user may optionally enter general details including his or her name, company name, asset number and other data descriptive of the computer 110. At block 206, the general details and the system specifications are encrypted in the form of encrypted configuration data to a 20 file using the flash drive manufacturer's permanent 64bit identifier 120 and computer manufacturer's permanent 128bit identifier (UUID) 110 and written to a disguised data file in the window's folders. Alternatively, the general details and the system specifications are encrypted to a file using the flash drive manufacturer's permanent 64bit identifier 120 alone, or the general details and the system 25 specifications are encrypted to a file using the computer manufacturer's permanent 128bit identifier (UUID) 110 alone. The encryption algorithm in the form of an 14 encryption library in this embodiment uses the Advanced Encryption Standard (AES) and is also referred to as Rijndael; however other encryption standards may be used. The general details and system specifications are also written to the flash drive 120 files and folders and contain transactional details for each computer 110, 5 as shown in block 212. At block 207, the Gmail user name and Gmail password are obtained from the user. At block 208, the "Gmail" user name is encrypted and written to a disguised data file in the windows directory, and the "Gmail" password is encrypted and written to another disguised data file in the windows directory. 10 At block 209, the poling cycle is obtained from the user. This is the length of time between IP address requests from an automated IP service provider in the form of an internet reference site 223, which site returns an IP address of the computer 110. At block 210 the users polling cycle is written to a disguised data file in the windows system folders. 15 At block 211, the installation process prepares all components needed to install the method onto the computer 110. At block 213 components of the method are installed; installation of a new window's service, IP location software, an application that processes emails, and a facility to pick up instructions from an FTP service. At this point the installation is complete. Live connection to the internet is 20 recommended 214 to allow commencement of auditing. The user is invited to reboot 215 the computer 110. At block 216, the internet is accessed via an initial firewall "grant permanent permission" process 217 and the IP address of the computer 110 obtained from an internet reference website 223, such as those that are commonly known by those having ordinary skill in the art. Also at block 216 25 the FTP service is accessed so that any prepared maintenance tasks may be automatically performed on the computer 110. At block 218, an email is sent to the user's Google mailbox. During the re-start and each subsequent boot the windows service is activated. The windows service launches applications which read the IP address from the internet reference website 223, picks up and actions any 15 authenticated maintenance instructions 304 from an FTP service 224, and creates and sends an email with an encrypted attachment to the user's Google mail account 220 via the Google mail service 219. Once the auditing method 100 is setup on the computer 110 the flash drive 5 120 can be removed. FIG. 2 is a flow diagram illustrating the transfer of data and instructions from the auditing method, according to some embodiments of the present invention. At block 300, the software that was installed at block 213, checks if the next cycle should be triggered. When triggered, at block 302 the software checks to see if the 10 computer 110 is connected to the internet. At block 301, if the computer 110 is not connected to the internet the computer 110 cancels any attempt to proceed any further until the next polling event. At block 303, if the computer 110 is connected to the internet, the IP address 510 of the computer 110 is obtained from the internet reference website 223. 15 At block 304, the software connects to an FTP service 224 to download any instructions. The downloaded instructions from the FTP service 224 may include a popup message, or any other maintenance instruction. At block 305, the downloaded instructions are authenticated by checking that the flash drive manufacturer's permanent 64bit identifier 120 (eg 520) and the computer 20 manufacturer's permanent 128bit identifier (UUID) 110 (eg 530) used to authenticate the FTP download to the computer 110, match the recorded flash drive manufacturer's permanent 64bit identifier and the computer manufacturer's permanent 128bit identifier number of the computer 110 downloading the instructions. At block 306, if the downloaded instructions are authenticated (i.e. 25 instructions are using the correct 192bit identifier 540 they are applied to the computer 110. At block 307, if the instructions are not authenticated they are neither downloaded nor actioned on the computer 110. At block 308, an email is prepared. At block 309, the email text is created containing the discovered IP address of the computer 110 and specifications of the 16 computer's 110 current operating environment. At block 310, an encrypted file is attached to the email containing the system specifications collected during the last update or when the auditing method 100 was first set up. At block 311 the email service then activates an email session with the "Gmail" service 219 and sends the 5 email with the encrypted attachment. The email sent in block 311 can be retrieved from any computer with an internet connection. At block 312, the user signs into their "Gmail" account and can open the email sent in block 311. The IP address and unencrypted system specifications form the body text of the email which may be read on a computer 10 screen. The encrypted attachment may only be opened if the flash drive 120 used to install the software is connected to the computer that is used to read the email. The installation process can be run on any number of computers 110 and the system specifications relevant to each computer 110 are appended to the file stored on the flash drive. Additionally the data are sent via email to the "Gmail" 15 account entered in the installation process. The encrypted attachment in the email can be viewed on almost any computer as long as the flash drive 120 used for the installation is inserted into a flash drive slot of the computer. Settings for the auditing method can be changed at any time by executing a file on the flash drive 120. For example, parameters which may be changed include 20 the Polling frequency to the IP address website and the Gmail user name and password. The audit file, computer list 110 and any transactions are added or updated each time the flash drive 120 is used. FIG. 3 is as example illustrating identifiers used, according to some embodiments of the present invention. 25 At block 510, is an example of an IP address assigned to a computer connected to the internet (Standard IP v4 Address - 4 octets = 32 bits). At block 520, is an example of the permanent identifier found on a typical flash drive (16 hex digits = 64 bits) 17 At block 530, is an example of the permanent identifier found on a typical computer. (32 hex digits = 128 bits) At block 540, is an example of the authentication key used to allow an FTP download. Each download is authenticated using the 64bit flash drive identifier 5 concatenated to the computer's 128bit identifier, creating an overall 192bit identifier. Advantages of the present invention thus include enabling a secure facility to audit and manage computers. The above description of an embodiment of the present invention is 10 provided for purposes of description to one of ordinary skill in the related art. It is not intended to be exhaustive or to limit the invention to a single disclosed embodiment. As mentioned above, numerous alternatives and variations to the present invention will be apparent to those skilled in the art of the above teaching. Accordingly, while an embodiment has been discussed specifically, other 15 embodiments will be apparent or relatively easily developed by those of ordinary skill in the art. Accordingly, this patent specification is intended to embrace all alternatives, modifications and variations of the present invention that have been discussed herein, and other embodiments that fall within the spirit and scope of the above described invention.
Claims (12)
1. A method for securely auditing and managing a network of local and remote computers using a flash drive manufacturer's permanent 64bit identifier.' 5 Cryptography applied to the flash drive's 64bit identifier is used to protect data on the flash drive, on a managed computer and on data transmitted across the internet. The method comprises the steps of: A. Using installation software on the flash drive to load a hidden auditing application on each computer. 10 B. The installation software accesses the flash drive's permanent 64bit identifier and uses this identifier to encrypt data files which are subsequently installed on each computer to authenticate future auditing and management requests. C. The installation software scans each computer's operating system for 15 comprehensive specifications and prepares an encrypted file holding this data. Encryption is based on the identifier in 1 B. D. The installation software sets up a disguised windows service on each computer. E. The new service triggers events on each computer such that "on start-up" 20 and periodically thereafter, each computer will perform the sub-steps of (a) reading of the unique permanent identifiers created by the flash drive install software to authenticate the ensuing process. (b) obtaining an internet protocol (IP) address by directly accessing the internet and reading the IP from a nominated IP address provider; 25 (c) noting the time and date when the location was determined; 19 (d) receiving and deploying authenticated maintenance instructions after first logging onto and downloading these from an FTP service. (e) obtaining additional data from the computer in which the method is installed; 5 (f) sending the additional data, the IP address and the encrypted comprehensive specifications prepared in 1C to the user via email. (g) progressive emails received by the user effectively build an audit trial of computers under management. F. The method uses the 64bit identifier in a flash drive to serve as an 10 alternative to a proprietary security identifier and associated reader for enabling secure controlled access to the performance of a management task. G. Emails received may only be read after using de-encryption software located on the flash drive, which accesses and uses the unique 64bit 15 identifier imbedded on that drive. H. The software on each flash drive is individually encoded using the flash drive's unique 64bit identifier, such that it is not possible to deploy the software on another similar flash drive, thus enhancing privacy, thwarting software piracy and formalising distribution and "rights to access" to the 20 facilities contained on the flash drive. 1. The flash drive need only be connected to each comp ter once, to install the auditing and management software and record the user's email address and preferred periodical polling cycle. Once all computer have been installed, the flash drive is only needed to decode the encrypted attachment on emails 25 sent to the users email account. 20
2. The method of claim 1, wherein said computer has access to the internet or connectable to any network having Internet access.
3. The method of claim 1, wherein said email includes in ormation including IP addresses, hostnames, device identification and an emai attachment that will 5 confirm the identity of the computer sending the email.
4. The method of claim 1 further includes the step of allowi g the user to set the polling rate to be used by the service.
5. The method of claim 1, wherein said email attachment is e crypted.
6. The method of claim 1, wherein said device is a comp ter capable of being 10 installed with the said method.
7. The method of claim 1 wherein said method is supported t y the computer's operating system.
8. The method of claim 1, wherein said method always perf rms its tasks invisibly to any person using the computer. 15
9. The method of claim 1, wherein said email address is ar email address that is designated by the method as being suitable for use fro any location on the internet. The method recommends a free email service from a public supplier such as Google (which provides an email service named gMail) because of its ability to receive emails from virtually any location. The user will be directed to obtain a 20 dedicated email account from such a source.
10. The method of claim 1 wherein the IP information obtained is properly formatted and easily recognizable to the user, such that i may be quickly and easily forwarded to parties taking part in an investigation.
11. The method of claim 1 wherein the data attachment in he email may only be 25 decoded by one person, being the holder of the original flas drive with the correct permanent identifier. 21
12. The method of claim 1 wherein the flash drive chosen fo the method may have an identifier which is greater or less than 64bit as required y the security level of the task being undertaken.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2008203807A AU2008203807B2 (en) | 2007-09-09 | 2008-08-11 | Method for securely auditing and managing computers |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| AU2007904861A AU2007904861A0 (en) | 2007-09-09 | Datamaster KEY | |
| AU2007904861 | 2007-09-09 | ||
| AU2008203807A AU2008203807B2 (en) | 2007-09-09 | 2008-08-11 | Method for securely auditing and managing computers |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| AU2008203807A1 AU2008203807A1 (en) | 2009-03-26 |
| AU2008203807B2 true AU2008203807B2 (en) | 2011-12-15 |
Family
ID=40475200
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2008203807A Ceased AU2008203807B2 (en) | 2007-09-09 | 2008-08-11 | Method for securely auditing and managing computers |
Country Status (1)
| Country | Link |
|---|---|
| AU (1) | AU2008203807B2 (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6269392B1 (en) * | 1994-11-15 | 2001-07-31 | Christian Cotichini | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent |
| US20030145090A1 (en) * | 2002-01-30 | 2003-07-31 | Ostergaard Bjarne Egon | Method for tracing a computer connected to a data network |
| US6925562B2 (en) * | 1999-12-17 | 2005-08-02 | International Business Machines Corporation | Scheme for blocking the use of lost or stolen network-connectable computer systems |
| US6950946B1 (en) * | 1999-03-30 | 2005-09-27 | International Business Machines Corporation | Discovering stolen or lost network-attachable computer systems |
| US20070271348A1 (en) * | 2006-05-18 | 2007-11-22 | Sung Yang | System and method of fault-tolerant and privacy-safe location tracking via email |
-
2008
- 2008-08-11 AU AU2008203807A patent/AU2008203807B2/en not_active Ceased
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6269392B1 (en) * | 1994-11-15 | 2001-07-31 | Christian Cotichini | Method and apparatus to monitor and locate an electronic device using a secured intelligent agent |
| US6950946B1 (en) * | 1999-03-30 | 2005-09-27 | International Business Machines Corporation | Discovering stolen or lost network-attachable computer systems |
| US6925562B2 (en) * | 1999-12-17 | 2005-08-02 | International Business Machines Corporation | Scheme for blocking the use of lost or stolen network-connectable computer systems |
| US20030145090A1 (en) * | 2002-01-30 | 2003-07-31 | Ostergaard Bjarne Egon | Method for tracing a computer connected to a data network |
| US20070271348A1 (en) * | 2006-05-18 | 2007-11-22 | Sung Yang | System and method of fault-tolerant and privacy-safe location tracking via email |
Also Published As
| Publication number | Publication date |
|---|---|
| AU2008203807A1 (en) | 2009-03-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104662870B (en) | data security management system | |
| US9094194B2 (en) | Method and system for automating the recovery of a credential store when a user has forgotten their password using a temporary key pair created based on a new password provided by the user | |
| RU2506704C2 (en) | Managing confidentiality for monitored devices | |
| CN105991614B (en) | A method, device and server for open authorization and resource access | |
| US20080148046A1 (en) | Real-Time Checking of Online Digital Certificates | |
| US10572683B2 (en) | Individual data unit and methods and systems for enhancing the security of user data | |
| JP2003228519A (en) | Method and architecture for providing pervasive security for digital asset | |
| US9866591B1 (en) | Enterprise messaging platform | |
| JP2003228520A (en) | Method and system for offline access to secured electronic data | |
| TW201251482A (en) | Apparatus and methods for storing electronic access clients | |
| US7725716B2 (en) | Methods and systems for encrypting, transmitting, and storing electronic information and files | |
| US9378339B2 (en) | System, method, and device for delivering communications and storing and delivering data | |
| US20020144118A1 (en) | Authentication method in an agent system | |
| US9432357B2 (en) | Computer network security management system and method | |
| CN113647051B (en) | System and method for secure electronic data transmission | |
| US6968458B1 (en) | Apparatus and method for providing secure communication on a network | |
| CN109067712A (en) | A kind of user cloud data guard method and proxy server | |
| RU2412480C2 (en) | System and method of establishing whether server and correspondent have coordinated secure mail | |
| CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
| KR101858207B1 (en) | System for security network | |
| CN107911384B (en) | A kind of cell management system and method based on digital certificate | |
| US11330003B1 (en) | Enterprise messaging platform | |
| US20020184256A1 (en) | Single-use document address method and system for online document delivery | |
| CN102404363B (en) | A kind of access method and device | |
| AU2008203807B2 (en) | Method for securely auditing and managing computers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FGA | Letters patent sealed or granted (standard patent) | ||
| MK14 | Patent ceased section 143(a) (annual fees not paid) or expired |