HK1092250B - Method for overcoming a system administration blockage - Google Patents
- Publication number
- HK1092250B
- Authority
- HK
- Hong Kong
- Prior art keywords
- memory
- host computer
- volatile memory
- private
- computer application
Abstract
The present invention relates to a method for overcoming system administrator blockage, and particularly, though not exclusively, to a method for overcoming system administrator blockage of a device newly connected to a computer.
Description
This invention relates to a method for overcoming system administrator blockage and refers particularly, though not exclusively, to a method for overcoming system administrator blockage of a device newly connected to a computer.
When a computer is operating not as part of a network, the computer operator is generally the administrator. Therefore, the user has control over system administration functions. However, when a computer is operating as part of a network, be it a local network or a wide area network, the system administrator has control over some of the functions of each computer connected to the network.
In the "WINDOWS"™ operating system, the system administrator has an administrative privilege function that enables the system administrator to block certain services on each computer on which the operating system is running. The services that can be controlled by the system administrator in this way include directory services, files, printers, security, terminal management, and peripheral devices. This normally includes a blocking function for access to certain devices connected to the computer. For example, if a device with a private memory is connected to the computer, a password must be entered to gain access to the private memory. Normally the password cannot be sent to the device, so access is denied. Therefore, as a result of the exercise of the blocking function by the system administrator, the "WINDOWS"™ operating system might not be able to communicate with the peripheral or other device operatively connected to the computer.
According to a first aspect, there is provided a method for overcoming system administrator blockage of a non-volatile memory device newly-connected to a host computer operatively connected to a network controllable by a system administrator, the non-volatile memory device comprising a public memory and a private memory, the private memory being of a category for which communication by a host computer application is able to be blocked in an administrative privilege environment, the method comprising: enumerating the device with the host computer application as a composite device including a human interface device for enabling communication between the host computer application and the private memory in a non-administrative privilege environment.
The communication between the host computer application and the private memory may be through a mass storage driver. The device may enumerate itself as the human interface device during the configuration descriptor process. The feature report may be used for communication between the device and the host computer application. The device preferably reports to the host computer application as an alphanumeric display in a usage selected from the group comprising: human interface device usage, and usage page. The public memory may be able to communicate with the host computer application in the non-administrative privilege environment. The host computer application may be in a "WINDOWS"™ operating system. The public memory and the private memory may comprise separate parts of a single memory. Preferably, the composite device is a non-volatile memory external device for operative connection to the host computer, the non-volatile memory external device comprising the public memory and the private memory. The device may be selected from the group consisting of: external disk drive, printer, game console, external read/write disk drive, external card reader, external USB hub, external sound card, media player, and MP3 player.
According to a second aspect, there is provided a computer usable medium having stored thereon a computer program code that is configured to cause a processor to execute one or more functions for the performance of the above method.
According to a third aspect, there is provided a non-volatile memory device for connecting to a host computer operatively connected to a network controllable by a system administrator, the non-volatile memory device comprising: (a) a public memory; (b) a private memory, the private memory being of a category for which communication by a host computer application is able to be blocked in an administrative privilege environment; (c) a connector to enable connection of the non-volatile memory device to the host computer, and (d) a connector interface; wherein the non-volatile memory device is able to be enumerated with a host computer application as a composite device including a human interface device for enabling communication between the host computer application and the private memory in a non-administrative privilege environment.
The memory device may further comprise a controller for controlling the public memory and the private memory as well as communication between the host computer and the non-volatile memory device. The private memory and the host computer application may communicate through a mass storage driver. The public memory may be able to communicate with the host computer application in the non-administrative privilege environment. The connector may be a USB or IEEE 1394 connector. The public memory and the private memory may comprise separate parts of a single memory.
In order that the invention may be fully understood and readily put into practical effect, there shall now be described by way of non-limitative example only a preferred embodiment of the present invention, the description being with reference to the accompanying illustrative drawings, in which:
- Figure 1 is a schematic illustration of a preferred form of computer system with which the preferred embodiment is to be used;
- Figure 2 is a schematic illustration of a second form of computer system with which the preferred embodiment is to be used;
- Figure 3 is a schematic illustration of a third form of computer system with which the preferred embodiment is to be used;
- Figure 4 is a block diagram of a preferred form of peripheral device;
- Figure 5 is a block diagram of an alternative form of peripheral device;
- Figure 6 is a flow chart of the operation of the preferred embodiment in the three preferred forms of computer systems; and
- Figure 7 is a flow chart for the operation of the preferred embodiment of a peripheral device.
Referring to Figure 1, there is shown a normal computer system comprising a CPU 10, monitor 12, keyboard 14, mouse 16, and printer 18. Each of the peripheral devices 12, 14, 16 and 18 may be connected to the CPU 10 by cables 20, or wirelessly. The CPU 10 has a number of ports 22 to which a memory device 24 may be operatively connected. The CPU 10 is connected to a network 11 that is controlled by a system administrator 13.
The memory device 24 is shown in Figures 4 and 5 . It comprises a body 46 having a male connector 48 at one end. Mounted within the body 46 is an interface 50 for connector 48, a controller 52 operatively connected to interface 50, and non-volatile memory generally shown as 54. The memory 54 comprises a protected or private area 56 and a public area 58 that may be parts of the same physical memory (Figure 4 ); or may be two (or more) physically separate memory devices (Figure 5 ). The memory 54 may be a disk drive, flash memory, or otherwise. The connector 48 may be a USB or IEEE 1394 connector, or otherwise as required or desired. The protected or private area 56 may be used for the storage of confidential or private data or information.
Although the following description relates to the memory device 24, it is applicable to all devices that attach to a computer and have a memory, such as, for example, external disk drives, printers, games consoles, external read/write disk drives, external card readers, external USB hubs, external sound cards, media players, and MP3 players.
Because the memory device 24 has the protected or private area 56, when the device 24 is connected to a corresponding port 22, 34, 44, the computer's operating system or application will block all relevant commands to the protected area 56 (for example, the command that carries the password), as it does not recognize the protected area 56 because of settings or instructions from the system administrator 13. As such, an administration right or privilege (hereinafter "administration privilege") is involved and the protected area 56 is in an administrative privilege environment. Such commands are usually SCSI commands.
To reduce the likelihood of this problem, and referring to the flow chart of Figure 6, after the device 24 is operatively connected to host computer 10, 26, 36 (hereinafter "host 10") (51), the host 10 sends a setup token to device 24 during the configuration descriptor request (52). During enumeration the device enumerates as a composite device (53) that has two interfaces in the one device: one as a mass storage device (for the public area 58) and one as a human interface device (for the private area 56). This is part of the configuration descriptor. A human interface device does not require a separate device driver, as the "WINDOWS"™ operating system has a built-in device driver for human interface devices.
During the string descriptor exchange, the device 24 reports as the human interface device to the host 10 (54). As a consequence, the host 10 requests the report descriptor for the human interface device (55).
The device 24 reports to the host 10 as an alphanumeric display in human interface device usage (56). It may report as other usages as required or desired. During the report descriptor process, the feature report is used for communication between the device 24 and the host 10 (57). Alternatively, the input or output reports may be used. The report ID may be used as a command set, with the mass storage operation code used as the report ID (58).
The host 10 commences the enumeration of device 24 (59). The device 24 is enumerated as a composite device (60), so there is no blockage of commands to the protected area 56 and the device 24 is able to accept commands for both the mass storage device (public) area 58 and the human interface device (private) area 56 (61). Each component 58, 56 is enumerated (63, 64), and when a mass storage command for either component 56, 58 is sent to device 24 (65, 66) the controller 52 is able to service it and perform the task. After the tasks are performed, the process stops (67). As such the device 24 is operating in a non-administrative privilege environment and the system administrator 13 is not able to block commands to the protected area 56.
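The composite configuration described at steps (52) to (61), as an added worked example that is not part of the patent: it builds the configuration descriptor a device like memory device 24 would return (one mass storage interface for public area 58, one HID interface for private area 56, and a HID report descriptor declaring the Alphanumeric Display usage page), then shows the host-side walk that recovers the interface classes. Field layouts follow the USB 2.0 and HID 1.11 specifications; the endpoint numbers, packet sizes, interval, bus power figure and the 63-byte feature report are assumptions of this example.

```python
"""Added example: composite USB descriptor (mass storage + HID) and a host-side walk.

Not the patent's own code.  Descriptor layouts follow USB 2.0 / HID 1.11;
endpoint numbers, packet sizes and the feature-report size are assumptions.
"""
import struct

USB_CLASS_MSC, MSC_SUBCLASS_SCSI, MSC_PROTO_BOT = 0x08, 0x06, 0x50
USB_CLASS_HID = 0x03
DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21

# HID report descriptor: the device presents itself as an Alphanumeric Display
# (usage page 0x14) with one 63-byte feature report that carries the tunnelled
# commands.  The 63-byte size is an assumption.
HID_REPORT_DESCRIPTOR = bytes([
    0x05, 0x14,        # Usage Page (Alphanumeric Display)
    0x09, 0x01,        # Usage (Alphanumeric Display)
    0xA1, 0x01,        # Collection (Application)
    0x09, 0x2C,        #   Usage (Display Data)
    0x15, 0x00,        #   Logical Minimum (0)
    0x26, 0xFF, 0x00,  #   Logical Maximum (255)
    0x75, 0x08,        #   Report Size (8 bits)
    0x95, 0x3F,        #   Report Count (63)
    0xB1, 0x02,        #   Feature (Data, Variable, Absolute)
    0xC0,              # End Collection
])


def interface_descriptor(number, cls, subclass, protocol, num_endpoints):
    # bLength, bDescriptorType, bInterfaceNumber, bAlternateSetting,
    # bNumEndpoints, bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol, iInterface
    return struct.pack("<BBBBBBBBB", 9, DT_INTERFACE, number, 0,
                       num_endpoints, cls, subclass, protocol, 0)


def endpoint_descriptor(address, attributes, max_packet, interval):
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, address, attributes, max_packet, interval)


def hid_class_descriptor(report_descriptor_len):
    # bLength, bDescriptorType (HID), bcdHID 1.11, bCountryCode, bNumDescriptors,
    # bDescriptorType (Report, 0x22), wDescriptorLength
    return struct.pack("<BBHBBBH", 9, DT_HID, 0x0111, 0, 1, 0x22, report_descriptor_len)


def build_config_descriptor():
    """Configuration descriptor returned at step (52): two interfaces in one device."""
    body = (
        # Interface 0: mass storage, SCSI transparent, bulk-only transport (public area 58)
        interface_descriptor(0, USB_CLASS_MSC, MSC_SUBCLASS_SCSI, MSC_PROTO_BOT, 2)
        + endpoint_descriptor(0x81, 0x02, 64, 0)   # bulk IN  (endpoint numbers assumed)
        + endpoint_descriptor(0x02, 0x02, 64, 0)   # bulk OUT
        # Interface 1: HID, no boot protocol (private area 56)
        + interface_descriptor(1, USB_CLASS_HID, 0, 0, 1)
        + hid_class_descriptor(len(HID_REPORT_DESCRIPTOR))
        + endpoint_descriptor(0x83, 0x03, 8, 10)   # interrupt IN
    )
    # bLength, bDescriptorType, wTotalLength, bNumInterfaces, bConfigurationValue,
    # iConfiguration, bmAttributes (bus powered), bMaxPower (100 mA, assumed)
    header = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), 2, 1, 0, 0x80, 50)
    return header + body


def parse_interfaces(config):
    """Host-side walk of a configuration descriptor.

    Returns (bInterfaceNumber, bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)
    for every interface descriptor, rejecting length fields that do not add up."""
    total = struct.unpack_from("<H", config, 2)[0]
    if total != len(config):
        raise ValueError("wTotalLength does not match descriptor length")
    out, pos = [], 0
    while pos + 2 <= len(config):
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > len(config):
            raise ValueError("malformed descriptor at offset %d" % pos)
        if dtype == DT_INTERFACE:
            out.append((config[pos + 2], config[pos + 5], config[pos + 6], config[pos + 7]))
        pos += length
    return out


def exposes_hid_and_msc(config):
    """True when one configuration carries both a mass storage and a HID interface."""
    classes = {cls for _, cls, _, _ in parse_interfaces(config)}
    return USB_CLASS_MSC in classes and USB_CLASS_HID in classes
```

The same walk is the check a defender wants. Each interface of a composite device is enumerated as its own child device with its own class, so a policy that only blocks the mass storage class leaves the HID child installable; `exposes_hid_and_msc` flags that combination for review, and blocking by the parent's vendor and product identifiers rather than by class closes the gap.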
For the human interface (private) device 56 (73), when the controller 52 communicates with host 10 (74) it uses the human interface Get_Report and Set_Report requests to enable communication between host 10 and device 24 for the human interface (private) device 56. This will normally be through the setup token on endpoint 0. All command-code communication with the device 24 for the human interface (private) device 56 is through the human interface Get_Report and Set_Report requests (75). The device 24 receives the human interface command code (76) and performs the necessary task. As the command code is handled in a non-administrative privilege environment, the operating system of host 10 is not able to block the human interface (private) device 56. Communication between the host computer 10 application and the private area 56 may be through a mass storage driver, and the system administrator 13 is not able to block commands to the protected area 56.
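The HID command channel of steps (73) to (76), as an added example that is not taken from the patent: both sides are simulated in one process, with the SCSI opcode reused as the report ID as at step (58) and Set_Report / Get_Report carrying a READ(10) or WRITE(10) command block to a private area held in memory. The report framing (a status byte after the report ID), the 32-byte block size and the bounds checks are assumptions of this example; the patent fixes only the report-ID convention.

```python
"""Added example: tunnelling SCSI block commands over HID feature reports.

Not the patent's own code.  Report ID = SCSI opcode follows the patent; the
status byte, block size and error handling are assumptions for the demo.
"""
import struct

READ_10, WRITE_10 = 0x28, 0x2A          # SCSI opcodes, reused as HID report IDs
STATUS_GOOD, STATUS_CHECK = 0x00, 0x02  # SCSI status codes
BLOCK_SIZE = 32  # assumption; a real device uses 512 and spans several reports


def cdb_rw10(opcode, lba, blocks):
    """10-byte READ(10)/WRITE(10) CDB: opcode, flags, LBA, group, length, control."""
    return struct.pack(">BBIBHB", opcode, 0, lba, 0, blocks, 0)


class PrivateAreaController:
    """Device-side controller (52) servicing the HID interface for private area (56).

    The host never sees a disk: it issues Set_Report with the CDB (the report ID
    is the opcode) and Get_Report to collect the status byte and any data."""

    def __init__(self, nblocks=8):
        self.private = bytearray(nblocks * BLOCK_SIZE)
        self.status, self.pending = STATUS_GOOD, b""

    def _fail(self):
        self.status, self.pending = STATUS_CHECK, b""

    def set_report(self, report):
        """Handle a HID Set_Report feature report (step 76)."""
        opcode = report[0]
        if opcode not in (READ_10, WRITE_10) or len(report) < 10:
            return self._fail()                       # unknown command set
        _, _, lba, _, blocks, _ = struct.unpack(">BBIBHB", report[:10])
        start, end = lba * BLOCK_SIZE, (lba + blocks) * BLOCK_SIZE
        if end > len(self.private):                   # bounds check on the private area
            return self._fail()
        if opcode == READ_10:
            self.pending = bytes(self.private[start:end])
        else:
            data = report[10:]
            if len(data) != end - start:              # payload must match the CDB length
                return self._fail()
            self.private[start:end] = data
            self.pending = b""
        self.status = STATUS_GOOD

    def get_report(self, report_id):
        """Answer a HID Get_Report: report ID, status byte, then staged data."""
        return bytes([report_id, self.status]) + self.pending


# Host side: the application talks HID, not the mass storage class, so a block
# aimed at the mass storage driver does not see these transfers.
def host_read(device, lba, blocks):
    device.set_report(cdb_rw10(READ_10, lba, blocks))
    rep = device.get_report(READ_10)
    return rep[1], rep[2:]


def host_write(device, lba, data):
    blocks, rem = divmod(len(data), BLOCK_SIZE)
    if rem:
        raise ValueError("data must be a whole number of blocks")
    device.set_report(cdb_rw10(WRITE_10, lba, blocks) + data)
    return device.get_report(WRITE_10)[1]
```

On a real host the two calls map onto hidapi's `hid_send_feature_report` and `hid_get_feature_report` against the HID child interface; the simulated controller is where a device vendor would put the password check for the private area, since nothing on the host side enforces it.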
Whilst there has been described in the foregoing description preferred embodiments of the present invention, it will be understood by those skilled in the technology that many variations or modifications in details of design or construction or operation may be made without departing from the present invention as defined by the appended claims.
Claims (16)
1. A method for overcoming system administrator blockage of a non-volatile memory device (24) newly-connected to a host computer (10; 26; 36) operatively connected to a network (11) controllable by a system administrator (13), the non-volatile memory device (24) comprising a public memory (58) and a private memory (56), the private memory (56) being of a category for which communication by a host computer application is able to be blocked in an administrative privilege environment, the method comprising: enumerating the device (24) with the host computer application as a composite device including a human interface device for enabling communication between the host computer application and the private memory (56) in a non-administrative privilege environment.
2. A method as claimed in claim 1, wherein the communication between the host computer application and the private memory (56) is through a mass storage driver.
3. A method as claimed in claim 1 or claim 2, wherein the device (24) enumerates itself as the human interface device during the configuration descriptor process.
4. A method as claimed in claim 3, wherein the feature report is used for communication between the device (24) and the host computer application.
5. A method as claimed in claim 4, wherein the device (24) reports to the host computer application as an alphanumeric display in a usage selected from the group comprising: human interface device usage, and usage page.
6. A method as claimed in any one of claims 1 to 5, wherein the public memory (58) is able to communicate with the host computer application in the non-administrative privilege environment.
7. A method as claimed in any one of claims 1 to 6, wherein the public memory (58) and the private memory (56) comprise separate parts of a single memory (54).
8. A method as claimed in any one of claims 1 to 7, wherein the composite device is a non-volatile memory external device for operative connection to the host computer (10; 26; 36), the non-volatile memory external device comprising the public memory (58) and the private memory (56).
9. A method as claimed in any one of claims 1 to 7, wherein the device (24) is selected from the group consisting of: external disk drive, printer, game console, external read/write disk drive, external card reader, external USB hub, external sound card, media player, and MP3 player.
10. A computer usable medium having stored thereon a computer program code that is configured to cause a processor to execute one or more functions for the performance of the method of any one of claims 1 to 9.
11. A non-volatile memory device (24) for connecting to a host computer (10; 26; 36) operatively connected to a network (11) controllable by a system administrator (13), the non-volatile memory device (24) comprising: (a) a public memory (58); (b) a private memory (56), the private memory being of a category for which communication by a host computer application is able to be blocked in an administrative privilege environment; (c) a connector (48) to enable connection of the non-volatile memory device to the host computer (10; 26; 36); and (d) a connector interface (50); wherein the non-volatile memory device (24) is able to be enumerated with a host computer application as a composite device including a human interface device for enabling communication between the host computer application and the private memory (56) in a non-administrative privilege environment.
12. A non-volatile memory device (24) as claimed in claim 11, further comprising a controller (52) for controlling the public memory (58) and the private memory (56) as well as communication between the host computer (10; 26; 36) and the non-volatile memory device (24).
13. A non-volatile memory device (24) as claimed in claim 11 or claim 12, wherein the private memory (56) and the host computer application communicate through a mass storage driver.
14. A non-volatile memory device (24) as claimed in any one of claims 11 to 13, wherein the public memory (58) is able to communicate with the host computer application in the non-administrative privilege environment.
15. A non-volatile memory device (24) as claimed in any one of claims 11 to 14, wherein the connector (48) is selected from the group consisting of: USB, and IEEE 1394.
16. A non-volatile memory device (24) as claimed in any one of claims 11 to 15, wherein the public memory (58) and the private memory (56) comprise separate parts of a single memory (54).
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| SG200407554 | 2004-12-20 | | |
| SG200407554A (SG123627A1, en) | 2004-12-20 | 2004-12-20 | Method for overcoming system administration blockage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1092250A1 (en) | 2007-02-02 |
| HK1092250B (en) | 2008-07-04 |