US-12619729-B2 - System and method for decontaminating and certifying external storage devices

Abstract

The present disclosure provides a cleaning station configured to decontaminate external storage devices from cybersecurity threats. The cleaning station is configured to scan files in the external storage device using a decontamination means, the decontamination means including one or more anti-virus modules and one or more anti-malware modules. The cleaning station decontaminates the external storage device, and generates an electronic certificate on the external storage device. The cleaning station receives an update signal from a master server, through a management server, which ensures the decontamination means are updated with signatures updates.

Inventors

  • Gerard Varjaques
  • Christophe Bourel
  • Jean Gatignol

Assignees

  • TYREX US

Dates

Publication Date
20260505
Application Date
20240131

Claims (17)

  1. A cleaning station, comprising: a processor; and a memory operatively coupled with the processor, wherein the memory comprises processor-executable instructions which, when executed by the processor, cause the processor to: scan one or more files in an external storage device connected to the cleaning station to determine a presence of one or more cybersecurity threats using a decontamination means, the decontamination means comprising two or more anti-virus modules and one or more anti-malware modules; in response to a positive determination of the presence of the one or more cybersecurity threats in the one or more files, decontaminate the external storage device from the one or more cybersecurity threats using the decontamination means; and in response to decontaminating the external storage device or a negative determination of the presence of the one or more cybersecurity threats, generate and store an electronic certificate on the external storage device, wherein when the external storage device is connected to a computing device, validity of the electronic certificate is verifiable by an endpoint module that is implemented on the computing device, and wherein on successful validation of the electronic certificate by the endpoint module, the one or more files in the external storage device are loaded and executed at the computing device.
  2. The cleaning station of claim 1, wherein the processor is further configured to transmit a signal to a display interface of the cleaning station to indicate the presence of the one or more cybersecurity threats.
  3. The cleaning station of claim 2, wherein the processor is further configured to: receive a decontamination method signal from the display interface, wherein the decontamination method signal comprises an instruction from an operator to either remove, neutralize, or isolate the one or more cybersecurity threats, and/or repair the one or more files in the external storage device; and decontaminate the one or more files in the external storage device based on the instruction in the decontamination method signal.
  4. The cleaning station of claim 1, wherein the processor is further configured to receive an update signal from a master server; and update the two or more anti-virus modules based on the update signal.
  5. The cleaning station of claim 4, wherein the processor is further configured to: transmit an update request signal to the master server at predetermined intervals, the update request signal comprising an Internet Protocol (IP) address associated with the cleaning station; and receive the update signal from the master server in response thereto.
  6. The cleaning station of claim 5, wherein the processor is configured to transmit the update request signal and receive the update signal to and from the master server, respectively, through a management server.
  7. The cleaning station of claim 1, wherein the processor is configured to transmit activity data to a management server, the activity data being generated during scanning and decontamination of the one or more files and generating the electronic certificate.
  8. The cleaning station of claim 7, wherein the cleaning station is air-gapped from the management server, and wherein the processor is configured to offload the activity data to a trusted external storage device.
  9. The cleaning station of claim 1, wherein the cleaning station is air-gapped, and wherein the processor is configured to receive an update signal from a trusted external storage device, and wherein the trusted external storage device is loaded with one or more signature updates in the update signal from a master server.
  10. The cleaning station of claim 1, wherein to scan the one or more files to determine the presence of the one or more cybersecurity threats, the processor is configured to successively scan one or more partitions that partition the one or more files in the external storage device.
  11. The cleaning station of claim 10, wherein the processor is further configured to: receive a bypass signal from a user, the bypass signal indicating a partition from the one or more partitions that is to be skipped from scanning; and skip the scanning of the partition based on the bypass signal.
  12. The cleaning station of claim 1, wherein the processor is configured to concurrently scan and decontaminate the one or more files in the external storage device using each of the two or more anti-virus modules and the one or more anti-malware modules.
  13. The cleaning station of claim 1, wherein the electronic certificate comprises a time stamp value indicating a time at which a time stamp was created, and wherein the electronic certificate expires after a predetermined duration since the time stamp value has elapsed.
  14. The cleaning station of claim 1, wherein the electronic certificate is configured to be invalidated when data in the external storage device is modified.
  15. The cleaning station of claim 1, wherein the processor is further configured to generate the electronic certificate by cryptographically signing a hash value that is generated from the one or more files in the external storage device, using a private key associated with the cleaning station, wherein a public key is configured to be used by the endpoint module to verify the electronic certificate.
  16. The cleaning station of claim 7, wherein the processor is configured to communicate with the management server using protocol break or media break communication protocols to transmit the activity data.
  17. A method for decontaminating external storage devices, comprising: inserting an external storage device into a cleaning station; accessing, by a processor of the cleaning station, one or more files stored in the external storage device; decontaminating, by the processor, one or more cybersecurity threats in the one or more files in the external storage device using a decontamination means, the decontamination means comprising two or more anti-virus modules and one or more anti-malware modules; and generating and storing, by the processor, an electronic certificate in the external storage device, wherein when the external storage device is connected to a computing device, validity of the electronic certificate is verifiable by an endpoint module that is implemented on the computing device, and wherein on successful validation of the electronic certificate by the endpoint module, the one or more files in the external storage device are loaded and executed at the computing device.
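
A sketch of the certificate scheme in claims 13 to 15, added here as an illustration and not taken from the patent: the station signs a hash of the files together with a time stamp, and the endpoint checks signature, age and current content before accepting the device. Ed25519, SHA-256, the `Certificate` layout, the in-memory file map and the validity window are assumptions; the patent names none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
	"time"
)

type Certificate struct { // hypothetical layout; the patent defines none
	Digest   [32]byte // hash generated from the device's files (claim 15)
	IssuedAt int64    // time stamp value, Unix seconds (claim 13)
	Sig      []byte   // Ed25519 signature; the algorithm is an assumption
}

// digestFiles hashes a sorted manifest, so any file change alters it (claim 14).
func digestFiles(files map[string][]byte) [32]byte {
	var lines []string
	for p, b := range files {
		lines = append(lines, fmt.Sprintf("%d:%s,%x", len(p), p, sha256.Sum256(b)))
	}
	sort.Strings(lines)
	return sha256.Sum256([]byte(strings.Join(lines, "\n")))
}

func signedBytes(c Certificate) []byte { return []byte(fmt.Sprintf("usbcert-v1|%x|%d", c.Digest, c.IssuedAt)) }

// Issue is the station side: hash the files, stamp the time, sign both together.
func Issue(priv ed25519.PrivateKey, files map[string][]byte, now time.Time) Certificate {
	c := Certificate{Digest: digestFiles(files), IssuedAt: now.Unix()}
	return Certificate{c.Digest, c.IssuedAt, ed25519.Sign(priv, signedBytes(c))}
}

// Verify is the endpoint side: signature first, then age, then current content.
func Verify(pub ed25519.PublicKey, c Certificate, files map[string][]byte, now time.Time, maxAge time.Duration) error {
	switch age := now.Sub(time.Unix(c.IssuedAt, 0)); {
	case !ed25519.Verify(pub, signedBytes(c), c.Sig): return fmt.Errorf("bad signature")
	case age < 0 || age > maxAge: return fmt.Errorf("expired")
	case digestFiles(files) != c.Digest: return fmt.Errorf("content modified")
	default: return nil
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	files := map[string][]byte{"report.pdf": []byte("constructed sample")}
	fmt.Println(Verify(pub, Issue(priv, files, time.Now()), files, time.Now(), time.Hour))
}
```

Signing the time stamp together with the digest means an expired certificate cannot be refreshed by editing `IssuedAt`, and a certificate copied onto a device with different content fails the digest comparison.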

Description

BACKGROUND

Field of the Disclosure

The present disclosure generally relates to cybersecurity. Particularly, the present disclosure relates to a cleaning station to sanitize external storage devices from cyber security threats, and a system and a method to ensure provable integrity, security, and authenticity of external storage devices in varied operational and regulated environments.

Description of Related Art

This section intends to provide a background discussion for a clear understanding of the disclosure herein but makes no claim nor any implication as to what is the relevant art for this disclosure.

External storage devices, such as Universal Serial Bus (USB) flash drives, are commonly used to transfer data between two computing devices. External storage devices are particularly useful when wired or wireless communication means is not available between the two computing devices, or when bandwidth or data transfer rates provided by the wired or wireless communication means are insufficient or impractical for transferring the subject data. However, external storage devices are susceptible to being infected by cybersecurity threats, and further contribute to the dissemination of the cybersecurity threats.

The transfer of data in the modern networked computing environment is highly vulnerable to malware and security risks. If a cybersecurity threat, such as malware, viruses, ransomwares, spywares, etc., is introduced in one computing node of a network, they can self-replicate and infect all computing devices in the network. Cybersecurity threats to a single computing node may be introduced using any number of techniques. One known approach for infesting an entire network is to allow the cybersecurity threat to enter a computing device through the use of external storage devices, such as an external hard drive or flash drive containing cybersecurity threats, like, for example, malware, viruses, or spyware.

Given their ubiquity and wide range of applications, it is important to have means to ensure that cybersecurity threats are not proliferated through external storage devices, particularly in safety critical computing device/networks such as in commercial or industrial settings. While anti-malware or antivirus solutions have been proposed that detect and remove such cybersecurity threats, they still suffer from several practical and technical challenges.

Some practical challenges include the lack of means to scan and decontaminate the external storage devices before they are connected to the computing devices of interest. Since existing anti-virus or anti-malware solutions are software that are installed within the computing devices, they necessitate the external storage device to be connected to the computing devices before they can be scanned and decontaminated. However, in such scenarios, existing solutions risk allowing the computing devices to be infected by new viruses, malware, and vulnerabilities not in their cybersecurity threat definition databases.

Further, existing anti-virus and anti-malware software also require significant amounts of computational resources to scan and decontaminate the external storage devices, which may lead to increased waiting times while accessing files of a known external storage device, risk false positives, etc. While multiple complementary anti-virus and anti-malware solutions can be employed for more comprehensive protection against such cybersecurity threats, having to run multiple antivirus solutions further exacerbates the problem of computational expenditure and redundancy thereof in certain cases.

Further, existing solutions require data in the external storage device to be scanned each time it is connected to the computing device, as the computing device may not necessarily be able to identify if the data in the external storage device was modified since the last scan. Running scans at each connection can be computationally expensive and often redundant. For instance, if a user reconnects a scanned USB flash drive to a computing device within a few minutes of operation without modifying the data therein, or modifying the data with a file known to be safe, existing anti-virus solutions may still rescan the data.

Other solutions include scanning or emulating the data in the external storage device in a sandbox, a virtual machine, or a sacrificial computing device. However, everyday users do not have the wherewithal or expertise to set up such solutions and analyze the data in such safe environments.

Therefore, there is a need for a cleaning station to sanitize external storage devices with minimal computational expenditure and redundancy on computing devices.

SUMMARY

In an aspect, the present disclosure provides a cleaning station to decontaminate external storage devices. The cleaning station is configured to scan one or more files in an external storage device connected to the cleaning station to determine a presence of one or more cybersecurity threats usin