Method and system for IPSec security for IPP-USB data

US 10,084,820 B2
Filed: 02/27/2015
Issued: 09/25/2018
Est. Priority Date: 02/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising:

setting an IPsec policy configuration on a host device and a client device, the IPsec policy configuration including a first loopback interface and an IP address for the host device and a second loopback interface and an IP address for the client device;

sending an IP packet to the first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to the second loopback interface;

sending the IP packet from the first loopback interface to an IPsec module on the host device for encryption pursuant to IPsec protocol;

filtering the encrypted packet received from the first loopback interface on the host device and configuring the encrypted packet to be sent via USB protocol over the USB connection to the client device from the host device;

sending the encrypted packet from the host device to the client device over the USB connection;

injecting the encrypted packet into the second loopback interface on the client device;

sending the encrypted packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and

sending the decrypted packet to the second loopback interface on the client device, wherein the packet is received on the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising: setting an IPsec policy configuration on a host device hand a client device; sending a packet to a first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to a second loopback interface on the client device; sending the packet from the first loopback interface to an IPsec module for encryption; filtering the packet received from first loopback interface; sending the packet to the client device over the USB connection; injecting the packet into the second loopback interface; sending the packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and sending the decrypted packet to the second loopback interface on the device application, wherein the packet is received on the client device.

15 Citations

20 Claims

1. A method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising:
- setting an IPsec policy configuration on a host device and a client device, the IPsec policy configuration including a first loopback interface and an IP address for the host device and a second loopback interface and an IP address for the client device;
  
  sending an IP packet to the first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to the second loopback interface;
  
  sending the IP packet from the first loopback interface to an IPsec module on the host device for encryption pursuant to IPsec protocol;
  
  filtering the encrypted packet received from the first loopback interface on the host device and configuring the encrypted packet to be sent via USB protocol over the USB connection to the client device from the host device;
  
  sending the encrypted packet from the host device to the client device over the USB connection;
  
  injecting the encrypted packet into the second loopback interface on the client device;
  
  sending the encrypted packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and
  
  sending the decrypted packet to the second loopback interface on the client device, wherein the packet is received on the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, comprising:
    - setting the IPsec policy configuration with a manual key configuration.
  - 3. The method of claim 1, comprising:
    - setting the IPsec policy configuration with an automatic key configuration.
  - 4. The method of claim 1, wherein the IP packet is an HTTP/IPP packet.
  - 5. The method of claim 1, comprising:
    - sending an IP response packet to the second loopback interface on the client device, wherein the second loopback interface configures the IP response packet to be routed to the first loopback interface on the host device;
      
      sending the response packet to an IPsec module on the client device for encryption pursuant to the IPsec protocol;
      
      filtering the encrypted response packet received from the IPsec module on the client device and configuring the encrypted response packet to be sent via the USB protocol over the USB connection to the host device;
      
      sending the encrypted response packet to the host device over the USB connection;
      
      injecting the encrypted response packet into the first loopback interface;
      
      sending the encrypted response packet to the IPsec module on the host device for decryption; and
      
      receiving the decrypted response packet from the IPsec module on the host device and filtering the response packet.
  - 6. The method of claim 5, wherein the host device is a printer and the client device is a personal computer, and further comprising:
    - attaching print data to the encrypted response packet.
  - 7. The method of claim 1, comprising:
    - hosting the first loopback interface on a host application on the host device, and hosting the second loopback interface on a device application on the client device.

8. A non-transitory computer readable medium containing a computer program having computer readable code embodied to carry out a method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising:
- setting an IPsec policy configuration on a host device, the IPsec policy configuration including a first loopback interface and an IP address for the host device;
  
  sending an IP packet to the first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to a second loopback interface on a client device, wherein the second loopback interface on the client device is configured to decrypt the packet;
  
  sending the packet from the first loopback interface to an IPsec module on the host device for encryption pursuant to IPsec protocol;
  
  filtering the encrypted packet received from first loopback interface on the host device and configuring the encrypted packet to be sent via USB protocol over the USB connection to the client device from the host device; and
  
  sending the encrypted packet to the client device over the USB connection.
- View Dependent Claims (9, 10, 11, 19)
- - 9. The medium of claim 8, comprising:
    - setting the IPsec policy configuration with a manual key configuration.
  - 10. The medium of claim 8, comprising:
    - setting the IPsec policy configuration with an automatic key configuration.
  - 11. The medium of claim 8, wherein the IP packet is an HTTP/IPP packet.
  - 19. The medium of claim 8, comprising:
    - receiving an encrypted response packet over the USB connection from the second loopback interface on the client device;
      
      injecting the encrypted response packet into the first loopback interface;
      
      sending the encrypted response packet to the IPsec module on the host device for decryption; and
      
      receiving the decrypted response packet from the IPsec module and filtering the decrypted response packet.

12. A non-transitory computer readable medium containing a computer program having computer readable code embodied to carry out a method of providing security for data being transferred over a Universal Serial Bus (USB) connection, the method comprising:
- setting an IPsec policy configuration on a client device, the IPsec policy configuration including a second loopback interface and an IP address for the client device;
  
  receiving an encrypted packet on the client device over the USB connection from a host device, the encrypted packet encrypted on the host device pursuant to IPsec protocol and configured via USB protocol to be sent over the USB connection to the client device;
  
  injecting the encrypted packet into the second loopback interface on the client device;
  
  sending the encrypted packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and
  
  sending the decrypted packet to the second loopback interface on the client device, wherein the decrypted packet is received on the client device.
- View Dependent Claims (20)
- - 20. The medium of claim 12, comprising:
    - sending a response packet to the second loopback interface on the client device, wherein the second loopback interface configures the response packet to be routed to a first loopback interface on a host device;
      
      sending the response packet to an IPsec module on the client device for encryption pursuant to the IPsec protocol;
      
      filtering the encrypted response packet received from the IPsec module on the client device and configuring the encrypted response packet to be sent via the USB protocol over the USB connection to the host device; and
      
      sending the encrypted response packet to the host device over the USB connection.

13. A system for providing security for data being transferred over a Universal Serial Bus (USB) connection, the system comprising:
- a USB connection;
  
  a host device, the host device having a host application configured with an IPsec policy including a first loopback interface and an IP address for the host device; and
  
  a client device, the client device having a device application configured with the IPsec policy including a second loopback interface and an IP address for the client device, and wherein the host device and the client device are configured to;
  
  send an IP packet to the first loopback interface on the host device, wherein the first loopback interface configures the packet to be routed to the second loopback interface;
  
  send the packet from the first loopback interface to an IPsec module on the host device for encryption pursuant to IPsec protocol;
  
  filter the encrypted packet received from the first loopback interface on the host device and configure the encrypted packet to be sent via USB protocol over the USB connection to the client device from the host device;
  
  send the encrypted packet to the client device over the USB connection;
  
  inject the encrypted packet into the second loopback interface on the client device;
  
  send the encrypted packet from the second loopback interface on the client device to the IPsec module on the client device for decryption; and
  
  send the decrypted packet to the second loopback interface on the device application, wherein the packet is received on the client device.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the IPsec policy configuration is set with a manual key configuration on the host device and the client device.
  - 15. The system of claim 13, wherein the IPsec policy configuration is set with an automatic key configuration on the host device and the client device.
  - 16. The system of claim 13, wherein the host device and the client device are configured to:
    - send an IP response packet to the second loopback interface on the client device, wherein the second loopback interface configures the response packet to be routed to the first loopback interface on the host device;
      
      send the response packet to an IPsec module on the client device for encryption pursuant to the IPsec protocol;
      
      filter the encrypted response packet received from the IPsec module on the client device and configuring the encrypted response packet to be sent via the USB protocol over the USB connection to the host device;
      
      send the encrypted response packet to the host device over the USB connection;
      
      inject the encrypted response packet into the first loopback interface;
      
      send the encrypted response packet to the IPsec module on the host device for decryption; and
      
      receive the decrypted response packet from the IPsec module on the host device and filtering the response packet.
  - 17. The system of claim 16, wherein the host device is a printer and the client device is a personal computer, and the response packet has print data.
  - 18. The system of claim 13, wherein the first loopback interface is hosted on the host application on the host device, and the second loopback interface is hosted on the device application on the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Original Assignee
Konica Minolta Laboratory U.S.A., Inc. (Konica Minolta Inc.)
Inventors
Perez, Maria
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
Cattungal, Dereena T

Application Number

US14/633,941
Publication Number

US 20160255062A1
Time in Patent Office

1,306 Days
Field of Search

713150, 713168
US Class Current
CPC Class Codes

G06F 21/608   Secure printing

H04L 12/40   Bus networks

H04L 63/0254   Stateful filtering

H04L 63/0428   wherein the data content is...

H04L 63/0485   Networking architectures fo...

H04L 63/164   at the network layer

H04L 63/20   for managing network securi...

Method and system for IPSec security for IPP-USB data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for IPSec security for IPP-USB data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links