
US-20260127129-A1 - TECHNIQUES FOR COUPLING PERIPHERAL DEVICES IN LOW-AND ZERO-TRUST ENVIRONMENTS


Abstract

Disclosed herein are methods for coupling a peripheral device to a client device. The methods include computing usage data for peripheral devices coupled to a fleet of client devices; adding peripheral devices from the peripheral devices coupled to the fleet whose usage data meets a threshold to a whitelist; detecting an attempt to connect a new peripheral device to an individual client device; determining acceptability of the new peripheral device based on its presence on the whitelist, and, in response to the determining: coupling the new peripheral device on the individual client device if the new peripheral is on the whitelist; or preventing the coupling of the new peripheral device on the individual client device if the new peripheral device is not on the whitelist. Methods and systems for operating low-trust computing environments with acceptable peripheral devices are also disclosed.

Inventors

  • Sherman Chingman LOK
  • Jason XUN
  • Dino Marco Wong YAO
  • Michael Soon Lee GOH

Assignees

  • ABSOLUTE SOFTWARE CORPORATION

Dates

Publication Date
20260507
Application Date
20241101

Claims (20)

  1. A method for coupling a peripheral device to a client device, the method comprising: computing, at a server, usage data for peripheral devices coupled to a fleet of client devices; adding peripheral devices from the peripheral devices coupled to the fleet whose usage data meets a threshold to a whitelist; detecting an attempt to connect a new peripheral device to an individual client device; determining acceptability of the new peripheral device based on its presence on the whitelist, and in response to the determining: coupling the new peripheral device on the individual client device if the new peripheral is on the whitelist; or preventing the coupling of the new peripheral device on the individual client device if the new peripheral device is not on the whitelist.
  2. The method of claim 1, wherein the preventing and installing of coupling for the new peripheral device comprises detecting processes being executed on the individual client device during the attempted connection of the new peripheral device.
  3. The method of claim 2, wherein the detecting further comprises identifying one or more processes executed based on instructions provided by the new peripheral device.
  4. The method of claim 1, wherein the new peripheral device is an input device, an output device, or an input/output device.
  5. The method of claim 1, wherein the new peripheral device is a removable memory storage device.
  6. The method of claim 1, wherein the attempt to connect the new peripheral device is via a wireless or a wired interface.
  7. The method of claim 6, wherein the wired interface is universal serial bus (USB), high-definition multimedia interface (HDMI), display port (DP), peripheral component interconnect express (PCIe), or serial AT attachment (SATA).
  8. A method for operating a low trust user device environment comprising: detecting a connection of a peripheral device to a client device; determining acceptability of the peripheral device based on acceptance criteria from a device management server, and in response to the determining: coupling the peripheral device to the client device; or preventing the coupling of the peripheral device to the client device.
  9. The method of claim 8, wherein the acceptance criteria comprise a whitelist.
  10. The method of claim 8, wherein the detecting comprises receiving a hardware identifier from the peripheral.
  11. The method of claim 10, wherein the hardware identifier comprises a vendor identifier and a device identifier.
  12. The method of claim 8, further comprising sending an alert to the device management server of the connection of the peripheral.
  13. The method of claim 12, wherein the device management server updates the acceptance criteria based on the alert.
  14. The method of claim 8, wherein the device management server updates the acceptance criteria based on usage data received from a fleet of user devices, the usage data including information about peripheral devices connected to the fleet.
  15. The method of claim 8, wherein the determining comprises verifying the integrity of a driver for the peripheral device prior to coupling.
  16. The method of claim 15, wherein the verifying the integrity comprises comparing a checksum of the driver.
  17. The method of claim 8, wherein the determining is based on local acceptance criteria and wherein the method further comprises: receiving the acceptance criteria from the device management server and updating the local acceptance criteria based on the received acceptance criteria from the device management server.
  18. The method of claim 17, wherein the device management server is configured to send updates of the acceptance criteria to a fleet of client devices.
  19. The method of claim 8, further comprising monitoring of processes executed on the user device prior to the coupling of the peripheral device, during the coupling of the peripheral device, or both.
  20. A system for operating a low trust computing environment comprising: a peripheral device; a client device, the client device configured to: detect a connection of the peripheral device to the client device; determine acceptability of the peripheral based on acceptance criteria; and in response to the determination: couple the peripheral device to the client device; or prevent the coupling of the peripheral device to the client device; and a device management server configured to provide the acceptance criteria to the client device.
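The following Python sketch is an added illustration of the mechanism the claims describe, not code from the patent or from Absolute Software. It covers the server-side step of claims 1 and 14 (fleet usage data reduced to a whitelist by a threshold), the vendor/product identifier match of claims 10 and 11, the alert of claim 12, the driver checksum comparison of claim 16, and the local-criteria update of claim 17. The hostnames, vendor and product identifiers, driver bytes, the `AcceptanceCriteria` record shape and the alert format are all constructed assumptions; only the decision logic follows the claims. Usage is counted per distinct client rather than per plug event, so a single host cannot promote a device onto the whitelist by replugging it.

```python
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

# Constructed fleet telemetry: one (client_id, vendor_id, product_id) record per
# observed connection. Hostnames and IDs are invented for this example.
FLEET_USAGE = [
    ("host-01", 0x046D, 0xC52B),
    ("host-02", 0x046D, 0xC52B),
    ("host-03", 0x046D, 0xC52B),
    ("host-01", 0x0781, 0x5583),
    ("host-02", 0x0781, 0x5583),
    ("host-04", 0x1234, 0xABCD),
    ("host-04", 0x1234, 0xABCD),  # same host re-plugging: must count once
]


def compute_usage(records):
    """Server side: map (vendor_id, product_id) -> set of distinct clients it was seen on."""
    usage = defaultdict(set)
    for client_id, vid, pid in records:
        usage[(vid, pid)].add(client_id)
    return usage


def build_whitelist(usage, threshold):
    """Devices observed on at least `threshold` distinct clients are whitelisted."""
    return frozenset(dev for dev, clients in usage.items() if len(clients) >= threshold)


@dataclass(frozen=True)
class AcceptanceCriteria:
    """Criteria pushed by the device management server (assumed record shape)."""
    version: int
    whitelist: frozenset   # {(vendor_id, product_id), ...}
    driver_sha256: dict    # (vendor_id, product_id) -> expected SHA-256 hex digest


def update_local_criteria(local, received):
    """Client side: adopt the server's criteria only when they are newer than the local copy."""
    if local is None or received.version > local.version:
        return received
    return local


def decide(criteria, vid, pid, driver_blob):
    """Client side: decide on a connection attempt.
    Returns (allowed, reason, alert); the alert is what the client reports to the
    device management server whatever the outcome."""
    alert = {"vendor_id": f"{vid:04x}", "product_id": f"{pid:04x}"}
    if (vid, pid) not in criteria.whitelist:
        return False, "not on whitelist", dict(alert, outcome="blocked")
    expected = criteria.driver_sha256.get((vid, pid))
    if expected is None:
        return False, "no known-good driver digest", dict(alert, outcome="blocked")
    actual = hashlib.sha256(driver_blob).hexdigest()
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(actual, expected):
        return False, "driver checksum mismatch", dict(alert, outcome="blocked")
    return True, "whitelisted and driver verified", dict(alert, outcome="coupled")


def demo(threshold=2):
    """Run the whole flow on the constructed telemetry; returns (whitelist, outcomes)."""
    whitelist = build_whitelist(compute_usage(FLEET_USAGE), threshold)
    good_driver = b"constructed driver package bytes"
    server_criteria = AcceptanceCriteria(
        version=2,
        whitelist=whitelist,
        driver_sha256={dev: hashlib.sha256(good_driver).hexdigest() for dev in whitelist},
    )
    local = update_local_criteria(None, server_criteria)
    outcomes = {
        "fleet_common_mouse": decide(local, 0x046D, 0xC52B, good_driver)[0],
        "single_host_device": decide(local, 0x1234, 0xABCD, good_driver)[0],
        "tampered_driver": decide(local, 0x0781, 0x5583, good_driver + b"!")[0],
    }
    return whitelist, outcomes


if __name__ == "__main__":
    wl, res = demo()
    print("whitelist:", sorted(f"{v:04x}:{p:04x}" for v, p in wl))
    print("outcomes:", res)
```

With a threshold of 2, the device seen on three hosts and the one seen on two are whitelisted, the device seen only on host-04 is blocked, and a whitelisted device whose driver bytes do not match the server-supplied digest is also blocked; every decision yields an alert record for the server, which is what lets the server refine the criteria as claims 13 and 14 describe.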

Description

FIELD OF THE INVENTION

This application relates to the coupling of peripheral devices to client devices. In particular, the application relates to the determination of the acceptability of coupled peripheral devices to a primary computer system.

BACKGROUND OF THE INVENTION

Modern computer devices may have different types of peripheral devices coupled to them. The peripheral devices include printers, scanners, human interface devices (such as keyboards, mice, touchpads, joysticks, gamepads, speakers, headsets, displays, virtual- and augmented-reality devices, etc.), removable storage (such as external hard drives and flash drives), external optical drives, webcams, media card readers, and others. When coupling these devices to a computing device, many peripherals require the installation of software on the computing device, such as device drivers, to enable them to work with the computing device. However, the process of installing drivers for peripheral devices creates a potential point of vulnerability, for example, if drivers are compromised or other exploits are present, that a malicious actor could exploit (such as seeking to gain administrator-level access). In one scenario, a malicious actor may attempt to exploit a local privilege escalation vulnerability when plugging in a mouse to a computing device running a particular operating system (e.g., the Microsoft Windows™ operating system, Linux operating systems, etc.). These vulnerabilities allow the malicious actor to gain administrator-level privileges by taking advantage of the fact that some peripheral devices (e.g., universal serial bus (USB) devices) automatically load software upon connection to a primary computer system, and that software installation happens with elevated privileges.

One approach to address the security vulnerabilities would be to employ a low- or zero-trust security model, where an organization's technological systems are secured based on the idea that no device or person should be trusted by default, even if they are already inside an organization's network. In this approach, every request to access resources (such as the use of a new peripheral device being connected to a computing device) would be treated as if it comes from an untrusted source until it has been inspected, authenticated, and verified. However, potentially significant resources would need to be devoted to the manual inspection, authentication and verification of requests. There exists a need for improved or alternative methods for coupling peripheral devices to computing devices.

SUMMARY OF THE INVENTION

In an aspect, there is provided a method for coupling a peripheral device to a client device. The method includes computing, at a server, usage data for peripheral devices coupled to a fleet of client devices. Peripheral devices from the peripheral devices coupled to the fleet whose usage data meets a threshold are added to a whitelist. Upon detection of an attempt to connect a new peripheral device to an individual client device, the acceptability of the new peripheral device is determined based on its presence on the whitelist. In response to the determining, the new peripheral device is coupled to the individual client device if the new peripheral is on the whitelist; or prevented from being coupled to the individual client device if the new peripheral device is not on the whitelist. In some embodiments, the preventing and installing of coupling for the new peripheral device includes detecting processes being executed on the individual client device during the attempted connection of the new peripheral device.

In some embodiments, the detecting includes identifying one or more processes executed based on instructions provided by the new peripheral device. In some embodiments, the new peripheral device is an input device, an output device, or an input/output device. In some embodiments, the new peripheral device is a removable memory storage device. In some embodiments, the attempt to connect the new peripheral device is via a wireless or a wired interface. In some embodiments, the wired interface is universal serial bus (USB), high-definition multimedia interface (HDMI), display port (DP), peripheral component interconnect express (PCIe), or serial AT attachment (SATA).

In another aspect, there is provided a method for operating a low trust user device environment. The method includes detecting a connection of a peripheral device to a client device. The acceptability of the peripheral device is determined based on acceptance criteria from a device management server. In response to the determining, the peripheral device is coupled to the client device; or prevented from being coupled to the client device. In some embodiments, the acceptance criteria include a whitelist. In some embodiments, the detecting includes receiving a hardware identifier from the peripheral. In some embodiments, the hardware identifier includes a vendor identifier and a dev