Master-Slave Security Devices

US 20080183305A1
Filed: 01/29/2007
Published: 07/31/2008
Est. Priority Date: 01/29/2007
Status: Active Grant

First Claim

Patent Images

1. A device for use in enforcing security in a system comprising:

a processor, that at least in part, determines when an event has occurred;

a port coupled to the processor for communication with a master device;

a cryptographic function coupled to the processor for authenticating communications with the master device; and

a switch coupled to the processor that renders inoperable a corollary device coupled to the device, the switch responsive to a signal from the processor related to the event.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer or other electronic device requiring physical integrity of its components, for example, a pay-per-use computer may use a master security device in communication with a plurality of slave security devices, known as security beans. Each security bean may be given a cryptographic key or keys for use in authenticating communication with the master security device. Each security bean may be coupled to an associated component and may have the ability to disable that associated component. In one embodiment, security bean has an analog switch that may be configured to block or attenuate a critical signal used by the associated component. The security bean may start up in the disable mode and respond to a verified signal from the master security device to enable its corresponding component.

47 Citations

View as Search Results

20 Claims

1. A device for use in enforcing security in a system comprising:
- a processor, that at least in part, determines when an event has occurred;
  
  a port coupled to the processor for communication with a master device;
  
  a cryptographic function coupled to the processor for authenticating communications with the master device; and
  
  a switch coupled to the processor that renders inoperable a corollary device coupled to the device, the switch responsive to a signal from the processor related to the event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The device of claim 1, wherein the port is coupled to a communication channel dedicated to communication between the master device and one or more of the devices.
  - 3. The device of claim 1, wherein the corollary device is a circuit and the switch is an analog switch that enables a power input on the circuit.
  - 4. The device of claim 1, wherein the corollary device is a bus and the switch is an analog switch that couples a load to the bus.
  - 5. The device of claim 1, further comprising a memory for storing a cryptographic secret.
  - 6. The device of claim 1, further comprising a timeout timer, wherein the event is an expiration of time at the timeout timer.
  - 7. The device of claim 6, wherein the port comprises a receiver and a signal from the master device causes the timeout timer to reset.
  - 8. The device of claim 1, wherein the processor is operable to receive a ping from the master device and respond with an encrypted acknowledgement of the ping.
  - 9. The device of claim 1, wherein the port communicates over one of a dedicated wired bus and wireless network.
  - 10. The device of claim 1, wherein the port communicates over a bus associated with data traffic for the corollary device.

11. A method of binding of components in a system comprising:
- disposing a plurality of slave devices in the system, each slave device capable of rendering inoperable a respective component of the system; and
  
  determining at the slave device when an event has occurred and disabling the respective component of the system responsive to the event.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising disposing a master device in the system, wherein the event is a signal from the master device for one of disabling and impeding the respective component of the system.
  - 13. The method of claim 11, further comprising disposing a master device in the system wherein the event is a timeout of a watchdog timer when a timer reset signal from the master device is absent during a predetermined timeout period.
  - 14. The method of claim 11, further comprising disposing a master device in the system and sending an acknowledgement from the slave device to the master device responsive to a request from the master device.
  - 15. The method of claim 14, further comprising disposing a master device in the system and sending a cryptographically verifiable acknowledgement from the slave device to the master device responsive to a cryptographically verified request from the master device.
  - 16. The method of claim 11, further comprising disposing a master device in the system wherein the master sends a request message to each of the plurality of slave devices and sends a disable signal to the each of plurality of slave devices when a total of acknowledge messages responsive to the request message fail to meet a threshold level for acknowledgement messages.

17. A system for securing an electronic device having a plurality of components comprising:
- one or more security devices, each of the one or more security devices associated with a corresponding one of the plurality of components, each of the one or more security devices capable of disabling its respective component, anda security master in communication with each of the one or more communication devices, wherein each of the one or more security devices disables its respective one of the plurality of components when communication between the security component and the one or more security devices fails to reach an acceptable threshold.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein each of the one or more security devices comprises a timeout timer that disables its respective one of the plurality of components unless reset by an acceptable threshold of communication during a timeout period.
  - 19. The system of claim 17, wherein each of the one or more security devices responds to a poll from the security master and is responsive to a disable message from the security master when a threshold number of the one or more security devices fail to respond to the poll.
  - 20. The system of claim 17, wherein the plurality of components comprises one of a memory controller, a disk controller, a data bus, a peripheral controller, a graphics controller, a peripheral device, and a processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Carpenter, Todd L., Westerinen, William J., Schmidt, Shon, Xu, Zhangwei, Foster, David James, Steeb, Curt Andrew, Sebesta, David Jaroslav

Granted Patent

US 8,151,118 B2
Time in Patent Office

Days
Field of Search
US Class Current

700/3
CPC Class Codes

G06F 21/72 in cryptographic circuits

G06F 21/85 interconnection devices, e....

Master-Slave Security Devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Master-Slave Security Devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links