Network-based secure input/output (I/O) module (SIOM)

US 10,009,376 B2
Filed: 11/25/2014
Issued: 06/26/2018
Est. Priority Date: 11/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

obtaining, by one or more processors of a hardware server, a manifest that identifies encryption algorithms, encryption keys, protocols, and encryption key sizes, and processing, by the hardware server, the encryption algorithms with the encryption keys, and the encryption key sizes as the protocols, and establishing, by the hardware server through the protocols, encrypted communication sessions with two peripherals over a Local-Area Network;

receiving, by one or more processors of the hardware server, pairing requests from the two separate peripherals over the LAN; and

establishing, by the one or more processors of the hardware server, a separate and unique secure session with each separate peripheral using information identified in the manifest for processing as a secure protocol, and managing each unique secure session with a different encryption and with a different encryption key size from that which is processed for a remaining unique secure session being processed for a remaining one of the two separate peripherals.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Secure Input/Output (I/O) Module (SIOM) is networked-enabled providing secure communications with terminals and peripherals integrated into the terminals. Communications between devices are securely made through encrypted communication sessions provisioned, defined, and managed through a secure protocol using the network-based SIOM. In an embodiment, a single-tenant network-based SIOM is provided. In an embodiment, a hybrid dual single-tenant and multi-tenant network-based SIOM is provided. In an embodiment, a multi-tenant network-based SIOM is provided. In an embodiment, a cloud-based SIOM is provided.

8 Citations

20 Claims

1. A method, comprising:
- obtaining, by one or more processors of a hardware server, a manifest that identifies encryption algorithms, encryption keys, protocols, and encryption key sizes, and processing, by the hardware server, the encryption algorithms with the encryption keys, and the encryption key sizes as the protocols, and establishing, by the hardware server through the protocols, encrypted communication sessions with two peripherals over a Local-Area Network;
  
  receiving, by one or more processors of the hardware server, pairing requests from the two separate peripherals over the LAN; and
  
  establishing, by the one or more processors of the hardware server, a separate and unique secure session with each separate peripheral using information identified in the manifest for processing as a secure protocol, and managing each unique secure session with a different encryption and with a different encryption key size from that which is processed for a remaining unique secure session being processed for a remaining one of the two separate peripherals.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein receiving further includes obtaining each request from a device controller associated with each peripheral when that device controller is powered up.
  - 3. The method of claim 1, wherein receiving further includes identifying a separate and unique set of security attributes for each peripheral based on a peripheral identifier associated with each request.
  - 4. The method of claim 1, wherein receiving further includes identifying each request as having originated from a different terminal connected to the LAN.
  - 5. The method of claim 1, wherein receiving further includes identifying each request as having originated from a single terminal connected to the LAN.
  - 6. The method of claim 1, wherein establishing further includes using unique encryption for each secure session.
  - 7. The method of claim 6, wherein using further includes enforcing unique security policy for each secure session.
  - 8. The method of claim 1, wherein establishing further includes receiving event data from each peripheral over that peripheral'"'"'s secure session.
  - 9. The method of claim 8, wherein establishing further includes sending notification data or command data to each peripheral over that peripheral'"'"'s secure session.

10. A method, comprising:
- receiving, by one or more processors of a hardware server, a first pairing request from a first peripheral and a second pairing request from a second peripheral over a Wide-Area Network (WAN);
  
  obtaining, by the one or more processors of the hardware server, a manifest that identifies encryption algorithms, encryption keys, protocols, and encryption key sizes, and processing, by the hardware server, the encryption algorithms with the encryption keys and the encryption key sizes as the protocols, and establishing, by the hardware server, through the protocols secure and encrypted communication sessions with the first peripheral and the second peripheral over the WAN; and
  
  establishing, by the one or more processors of the hardware server, a first secure session with the first peripheral and a second secure session with the second peripheral over the WAN with the first secure session processing a first custom encryption identified from information in the manifest and the second secure session processing a second custom encryption identified from the information in the manifest, wherein the first custom encryption is different from the second custom encryption, and wherein the first custom encryption includes a different encryption key size processed during the first secure session from a second custom encryption key size processed during the second secure session.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein receiving further includes obtaining each pairing request when each peripheral is powered up.
  - 12. The method of claim 10, wherein receiving further includes identifying each pairing request as having originated from a single terminal.
  - 13. The method of claim 10, wherein receiving further includes identifying each pairing request as having originated from a unique terminal.
  - 14. The method of claim 10, wherein receiving further includes identifying each pairing request as having originated from a unique terminal and each terminal associated with a unique Local-Area Network (LAN) processing environment over the WAN.
  - 15. The method of claim 10, wherein establishing further includes routing each pairing request to a unique Secure Input/Output Module (SIOM) for establishing each secure session based on one or more identifiers associated with each pairing request.
  - 16. The method of claim 10, wherein establishing further includes routing each pairing request to a single Secure Input/Output Module (SIOM) for establishing each secure session based on both pairing requests having originated from a single terminal.
  - 17. The method of claim 10 wherein establishing further includes using unique encryption and enforcing unique security rules for each secure session.

18. A system comprising:
- a hardware server device;
  
  a network-based secure input/output module (SIOM) configured and adapted to;
  
  i) execute on the hardware server device and pair with two separate peripheral devices over a network connection, ii) obtain a manifest that identifies encryption algorithms, encryption keys, protocols, and encryption key sizes, and process the encryption algorithms with the encryption keys and the encryption key sizes as the protocols to establish through the hardware server device using the protocols separate, secure, and encrypted communication sessions with each of the peripheral devices over the network connection, and iii) establish separate and unique secure sessions with each separate peripheral device over the network in response to the identifying and process a first encryption for a first one of the separate and unique secure sessions identified from information in the manifest and process a second encryption for a second of the unique secure session identified from the information in the manifest, wherein the first encryption uses a first encryption key size and encryption processed during the first one of the unique secure session that is different from a second encryption key and encryption size that is processed during the second of the unique secure sessions with the second encryption.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the network-based SIOM is further configured and adapted to:
    - iv) provide the pairing and establishment of the unique secure sessions over the network connection that is one of;
      
      a Local-Area Network (LAN) connection and a Wide-Area Network (WAN) connection.
  - 20. The system of claim 18, wherein the network-based SIOM is further configured and adapted to:
    - iv provide the pairing and the establishment as one of;
      
      a single-tenant service for a single terminal associated with both peripheral devices and a multi-tenant service for two terminals, each terminal associated with a unique one of the two peripheral devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NCR Voyix Corporation
Original Assignee
NCR Corporation
Inventors
Antonakakis, Stavros, Kobres, Erick, Corrion, Bradley William
Primary Examiner(s)
Shaw, Brian F

Application Number

US14/553,413
Publication Number

US 20160149952A1
Time in Patent Office

1,309 Days
Field of Search

345156, 726 17
US Class Current
CPC Class Codes

G06Q 20/202   Interconnection or interact...

G07G 1/14   Systems including one or mo...

H04L 41/0806   for initial configuration o...

H04L 63/20   for managing network securi...

H04L 67/14   Session management for real...

Network-based secure input/output (I/O) module (SIOM)

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network-based secure input/output (I/O) module (SIOM)

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links