System and method for securely connecting to a peripheral device

US 10,185,670 B2
Filed: 09/05/2016
Issued: 01/22/2019
Est. Priority Date: 09/15/2015
Status: Active Grant

First Claim

Patent Images

1. A device connectable between a host computer and a peripheral device using a standard bus, the device comprising:

a first module comprising;

a first connector connectable to a first cable for connecting to the host computer;

a first transceiver coupled to the first connector for transmitting messages to, and receiving messages from, the host computer over the first cable using the standard bus; and

a first memory storing a first firmware and a first processor for executing the first firmware, the first processor is coupled to control, and to communicate with, the first transceiver,wherein the first module is configured to emulate the peripheral device to the host computer;

a second module comprising;

a second connector connectable to a second cable for connecting to the peripheral device;

a second transceiver coupled to the second connector for transmitting messages to, and receiving messages from, the peripheral device over the second cable using the standard bus; and

a second memory storing a second firmware and a second processor for executing the second firmware, the second processor is coupled to control, and to communicate with, the second transceiver, wherein the second module is configured to emulate the host computer to the peripheral device;

a third module comprising;

a third memory storing a third firmware and a third processor for executing the third firmware, the third processor is coupled to control, and to communicate with, the second transceiver,wherein the third module is communicatively coupled to the first module exclusively over a first local bus, and is communicatively coupled to the second module exclusively over a second local bus;

and a single enclosure housing the first, second, and third modules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device connectable between a host computer and a computer peripheral over a standard bus interface is disclosed, used to improve security, and to detect and prevent malware operation. Messages passing between the host computer and the computer peripherals are intercepted and analyzed based on pre-configured criteria, and legitimate messages transparently pass through the device, while suspected messages are blocked. The device communicates with the host computer and the computer peripheral using proprietary or industry standard protocol or bus, which may be based on a point-to-point serial communication such as USB or SATA. The messages may be stored in the device for future analysis, and may be blocked based on current or past analysis of the messages. The device may serve as a VPN client and securely communicate with a VPN server using the host Internet connection.

79 Citations

View as Search Results

40 Claims

1. A device connectable between a host computer and a peripheral device using a standard bus, the device comprising:
- a first module comprising;
  
  a first connector connectable to a first cable for connecting to the host computer;
  
  a first transceiver coupled to the first connector for transmitting messages to, and receiving messages from, the host computer over the first cable using the standard bus; and
  
  a first memory storing a first firmware and a first processor for executing the first firmware, the first processor is coupled to control, and to communicate with, the first transceiver,wherein the first module is configured to emulate the peripheral device to the host computer;
  
  a second module comprising;
  
  a second connector connectable to a second cable for connecting to the peripheral device;
  
  a second transceiver coupled to the second connector for transmitting messages to, and receiving messages from, the peripheral device over the second cable using the standard bus; and
  
  a second memory storing a second firmware and a second processor for executing the second firmware, the second processor is coupled to control, and to communicate with, the second transceiver, wherein the second module is configured to emulate the host computer to the peripheral device;
  
  a third module comprising;
  
  a third memory storing a third firmware and a third processor for executing the third firmware, the third processor is coupled to control, and to communicate with, the second transceiver,wherein the third module is communicatively coupled to the first module exclusively over a first local bus, and is communicatively coupled to the second module exclusively over a second local bus;
  
  and a single enclosure housing the first, second, and third modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 2. The device according to claim 1, wherein the peripheral device is an input device for receiving data from a user.
  - 3. The device according to claim 2, wherein the peripheral device consists of, or comprises, a keyboard, a pointing device, a trackball, a touch-pad, a touch-screen, a scanner, a digital camera, or a joystick.
  - 4. The device according to claim 1, wherein the peripheral device is an output device for notifying data to a user.
  - 5. The device according to claim 4, wherein the user notification consists of, comprises, or is based on, text, graphics, tactile, audio, or video.
  - 6. The device according to claim 4, wherein the output device consists of, or comprises, a printer, a display, or a speaker.
  - 7. The device according to claim 1, wherein the peripheral device is a non-volatile memory, and at least part of the messages are associated with reading from, or writing to, the non-volatile memory.
  - 8. The device according to claim 7, wherein the non-volatile memory consists of, or comprises, Hard Disk Drive (HDD), Solid State Drive (SSD), RAM, SRAM, DRAM, TTRAM, Z-RAM, ROM, PROM, EPROM, EEPROM, Flash-based memory, CD-RW, DVD-RW, DVD+RW, DVD-RAM BD-RE, CD-ROM, BD-ROM, or DVD-ROM.
  - 9. The device according to claim 1 further operative to detect a malware or a malware activity, and, wherein the malware consists of, includes, or is based on, a computer virus, spyware, DoS (Denial of Service), rootkit, ransomware, adware, backdoor, Trojan horse, or a destructive malware.
  - 10. The device according to claim 1, wherein the standard bus is an industry standard bus, and, wherein the first and second connectors, the first and second cables, the first and second transceivers, the communication between the first module and the host computer, and the communication between the second module and the peripheral device, are according to, or based on, the industry standard bus.
  - 11. The device according to claim 10, wherein the industry standard bus defines a point-to-point serial communication.
  - 12. The device according to claim 11, wherein the industry standard bus is according to, or based on, a Universal Standard Bus (USB).
  - 13. The device according to claim 12, wherein the industry standard bus is according to, or based on, USB 2.0 or USB 3.0.
  - 14. The device according to claim 11, wherein the industry standard bus is according to, or based on, Peripheral Component Interconnect (PCI) Express, Small Computer System Interface (SCSI), Serial Attached SCSI (SAS), Serial ATA (SATA), InfiniBand, PCI, PCI-X, AGP, Thunderbolt, IEEE 1394, FireWire, or Fibre-Channel.
  - 15. The device according to claim 1, wherein the first firmware comprises a first operating system for execution by the first processor, the second firmware comprises a second operating system for execution by the second processor, and the third firmware comprises a third operating system for execution by the third processor.
  - 16. The device according to claim 15, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, Linux.
  - 17. The device according to claim 15, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, Microsoft Windows or WDM.
  - 18. The device according to claim 17, wherein the first, second, or third operating system consists of, comprises, is according to, or based on, one out of Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, and Google Chrome OS.
  - 19. The device according to claim 15, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, a mobile operating system.
  - 20. The device according to claim 19, wherein the mobile operating system consists of, comprises, is according to, or is based on, Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android Version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows®
    - Phone version 7, Microsoft Windows®
      
      Phone version 8, Microsoft Windows®
      
      Phone version 9, or Blackberry®
      
      operating system.
  - 21. The device according to claim 15, wherein first, second, or third operating system comprises, is according to, uses, or is based on, a class driver, an Human Input device (HID) driver, a minidriver, a class driver, a USB host driver, a USB peripheral driver, a PnP driver, a msdos.sys driver, a io.sys driver, a config.sys driver, or a function driver.
  - 22. The device according to claim 1, wherein the first or the second local bus is a synchronous serial bus.
  - 23. The device according to claim 22, wherein the first or the second local bus is a master/slave bus for connecting ICs.
  - 24. The device according to claim 22, wherein the first or the second local bus is based on, is according to, or comprises, Serial Peripheral Interface (SPI) bus or Inter-Integrated Circuit (I²C) bus.
  - 25. The device according to claim 1, wherein the first or the second local bus is a bi-directional bus.
  - 26. The device according to claim 25, wherein the first or the second local bus is a half-duplex or a full-duplex bus.
  - 27. The device according to claim 1, wherein the first or the second local bus is a uni-directional bus.
  - 28. The device according to claim 27, wherein the first local bus exclusively allows data transfer from the first module to the third module.
  - 29. The device according to claim 27, wherein the first local bus exclusively allows data transfer from the third module to the first module.
  - 30. The device according to claim 27, wherein the second local bus exclusively allows data transfer from the first module to the second module.
  - 31. The device according to claim 27, wherein the second local bus exclusively allows data transfer from the third module to the second module.
  - 32. The device according to claim 1, wherein the first or second local bus is using isolation barriers so that the respective first or second module is galvanically isolated over the respective bus from the third module.
  - 33. The device according to claim 32, wherein the isolation barrier is based on capacitance, induction, or electromagnetic waves, or optical means.
  - 34. The device according to claim 33, wherein first or second local bus comprise or use optocouplers or isolation transformers for galvanically isolating the respective modules.
  - 35. The device according to claim 1, wherein the standard bus is defined to carry a power signal and, wherein the first cable is connected to carry a first power signal and the second cable is connected to carry a second power signal, and, wherein the first module is configured to terminate the first power signal carried over the first cable, and the second module is configured to supply the second power signal.
  - 36. The device according to claim 1 further comprising a first, second, and third power connections, wherein the first module is connected to be powered exclusively from the first power connection, the second module is connected to be powered exclusively from the second power connection, and the third module is connected to be powered exclusively from the third power connection.
  - 37. The device according to claim 36 for use with a power source, further comprising a first Low Pass Filter (LPF) connected between the power source and the first power connection, a second Low Pass Filter (LPF) connected between the power source and the second power connection, and a third Low Pass Filter (LPF) connected between the power source and the third power connection.
  - 38. The device according to claim 37, wherein the first, second, or third LPF is structured according to, based on, or comprises, a Chebyshev filter, a Butterworth filter, a Bessel filter, or an Elliptic filter.
  - 39. The device according to claim 37, wherein the first, second, or third LPF is structured according to, based on, or comprises first order passive LPF that is according to, based on, or comprises, RC, RL, or RLC filter.
  - 40. The device according to claim 36, wherein the power source is a primary or rechargeable battery.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GateKeeper Ltd.
Original Assignee
GateKeeper Ltd.
Inventors
Litichever, Gil, Gutentag, Oded, Zvuluny, Eyal, Hershler, Ariel
Primary Examiner(s)
Mamo, Elias

Application Number

US15/750,528
Publication Number

US 20180225230A1
Time in Patent Office

869 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 13/107   Terminal emulation

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/56   Computer malware detection ...

G06F 21/82   Protecting input, output or...

G06F 2213/0008   High speed serial bus, e.g....

G06F 2213/0024   Peripheral component interc...

G06F 2213/0028   Serial attached SCSI [SAS]

G06F 2213/0032   Serial ATA [SATA]

G06F 2213/0036   Small computer system inter...

G06F 2213/0042   Universal serial bus [USB]

G06F 9/45504   Abstract machines for progr...

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

Y04S 40/20   Information technology spec...

System and method for securely connecting to a peripheral device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

System and method for securely connecting to a peripheral device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others