Accessing a USB host controller security extension using a HCD proxy

US 20060218409A1
Filed: 03/25/2005
Published: 09/28/2006
Est. Priority Date: 03/25/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

obtaining first data associated with a USB device, wherein the first data is a result of program code associated with the USB device being executed outside of a trusted execution environment of a computer;

sending second data associated with the first data to the trusted execution environment; and

receiving third data associated with the first data from the trusted execution environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.

22 Citations

View as Search Results

20 Claims

1. A method, comprising:
- obtaining first data associated with a USB device, wherein the first data is a result of program code associated with the USB device being executed outside of a trusted execution environment of a computer;
  
  sending second data associated with the first data to the trusted execution environment; and
  
  receiving third data associated with the first data from the trusted execution environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the program code associated with the USB device is a part of a device driver for the USB device.
  - 3. The method of claim 2, further comprising:
    - sending the third data to program code associated with a USB host controller for delivery to the device driver for the USB device.
  - 4. The method of claim 3, wherein the program code associated with the USB host controller is part of a device driver for the USB host controller.
  - 5. The method of claim 1, wherein the first data is a USB transfer request.
  - 6. The method of claim 1, further comprising:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises a notification to access a buffer associated with the security extension and retrieve data.
  - 7. The method of claim 6, wherein the third data comprises the data retrieved from the buffer.
  - 8. The method of claim 1, wherein the first data is a USB control transfer request.
  - 9. The method of claim 8, further comprising:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises the USB control transfer request.
  - 10. The method of claim 1, wherein obtaining first data associated with the USB device comprises obtaining the data from program code associated with a host controller.
  - 11. The method of claim 1, wherein the USB device is a trusted device.
  - 12. The method of claim 11, wherein the device becomes a trusted device after the program code associated with the USB device is loaded onto the computer.
  - 13. The method of claim 1, further comprising:
    - placing the first data in a queue before sending the second data.

14. A computer-readable medium having computer-executable instructions for performing steps, comprising:
- obtaining first data associated with a USB device, wherein the first data is a result of program code associated with the USB device being executed outside of a trusted execution environment of a computer;
  
  sending second data associated with the first data to the trusted execution environment; and
  
  receiving third data associated with the first data from the trusted execution environment.
- View Dependent Claims (15, 16)
- - 15. The computer-readable medium of claim 14, having further computer-executable instructions for performing the step of:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises a notification to access a buffer associated with the security extension and retrieve data.
  - 16. The computer-readable medium of claim 14, having further computer-executable instructions for performing the step of:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises the USB control transfer request.

17. A system, comprising:
- a trusted execution environment a host controller driver associated with a USB host controller, wherein the host controller driver resides outside of the trusted execution environment; and
  
  a host controller driver proxy for;
  
  obtaining first data associated with a USB device, wherein the first data is a result of program code associated with the USB device being executed outside of the trusted execution environment of a computer;
  
  sending second data associated with the first data to the trusted execution environment; and
  
  receiving third data associated with the first data from the trusted execution environment.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the host controller driver proxy additionally is for:
    - sending the third data to the host controller driver for delivery to a device driver for the USB device, wherein the program code associated with the USB device is a part of the device driver for the USB device.
  - 19. The system of claim 17, wherein the host controller driver proxy additionally is for:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises a notification to access a buffer associated with the security extension and retrieve data.
  - 20. The system of claim 17, wherein the host controller driver proxy additionally is for:
    - sending the second data to a device driver for a security extension, wherein the device driver for the security extension resides in the trusted execution environment, and wherein the second data comprises the USB control transfer request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Williams, Mark, Avraham, Idan, Dunn, John C., Wooten, David R., Koeman, Constantyn

Granted Patent

US 7,886,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 13/102   where the programme perform...

G06F 21/53   by executing in a restricte...

G06F 21/85   interconnection devices, e....

G06F 2213/0042   Universal serial bus [USB]

Accessing a USB host controller security extension using a HCD proxy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Accessing a USB host controller security extension using a HCD proxy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links