USB SECURITY GATEWAY

US 20150365237A1
Filed: 06/17/2014
Published: 12/17/2015
Est. Priority Date: 06/17/2014
Status: Abandoned Application

First Claim

Patent Images

1. A secure serial communication gateway device comprising:

at least one first serial communication host connector to connect to at least one first host computer;

a serial communication peripheral device port to connect to a peripheral device; and

a security circuitry comprising;

a pre-qualification microcontroller;

a mode select switch connected to said serial communication peripheral device port and selectively connecting said serial communication peripheral device port to the selected one of;

said pre-qualification microcontroller; and

said first serial communication host connector; and

a serial communication enumeration and reset detector, connected to said serial communication peripheral device port, to monitor said serial communication peripheral device port and casing said mode select switch to switch said serial communication peripheral device port to said pre-qualification microcontroller when said serial communication device is disconnected from said serial communication peripheral device port;

wherein said pre-qualification microcontroller is capable of enumerating a connected peripheral device according to a table of peripheral device qualifications,and wherein said table of peripheral device qualifications may be field re-programmed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A USB gateway connected to a plurality of host computers having a USB device port connect to a peripheral device; and a security circuitry. The security circuitry comprises: a pre-qualification microcontroller; a mode select switch connected to the peripheral device port and selectively connecting it to one of: the pre-qualification microcontroller; or to a host selector switch that switches among the plurality of connected host computes. An enumeration and reset detector is connected to the USB peripheral device port to monitor that port and casing the mode select switch to switch back to the pre-qualification microcontroller when the peripheral device is disconnected or reset. The pre-qualification microcontroller is capable of enumerating a connected peripheral device and controlling the gateway according to a table containing lists of: device qualifications, indication of which device can connect to each host, and direction of data flow between host and device. The table of peripheral device qualifications may be field re-programmed.

Citations

33 Claims

1. A secure serial communication gateway device comprising:
- at least one first serial communication host connector to connect to at least one first host computer;
  
  a serial communication peripheral device port to connect to a peripheral device; and
  
  a security circuitry comprising;
  
  a pre-qualification microcontroller;
  
  a mode select switch connected to said serial communication peripheral device port and selectively connecting said serial communication peripheral device port to the selected one of;
  
  said pre-qualification microcontroller; and
  
  said first serial communication host connector; and
  
  a serial communication enumeration and reset detector, connected to said serial communication peripheral device port, to monitor said serial communication peripheral device port and casing said mode select switch to switch said serial communication peripheral device port to said pre-qualification microcontroller when said serial communication device is disconnected from said serial communication peripheral device port;
  
  wherein said pre-qualification microcontroller is capable of enumerating a connected peripheral device according to a table of peripheral device qualifications,and wherein said table of peripheral device qualifications may be field re-programmed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The secure serial communication gateway of claim 1, wherein the secure serial communication gateway is a stand alone unit.
  - 3. The secure serial communication gateway of claim 1, wherein the serial communication is USB protocol.
  - 4. The secure serial communication gateway of claim 3, wherein said serial communication enumeration and reset detector is a USB hub.
  - 5. The secure serial communication gateway of claim 3, wherein said serial communication enumeration and reset detector is selected from a group consisting of:
    - electromechanical switch capable of detecting disconnection of a plug from said serial communication peripheral device port;
      
      a current sensor capable of detecting decreased current from said serial communication peripheral device port to said peripheral device;
      
      a pull-up resistors detector capable of detecting disconnection of said peripheral device from said serial communication peripheral device port; and
      
      data flow monitoring unit capable of monitoring data flow between said peripheral device and said at least one first a host computer.
  - 6. The secure serial communication gateway of claim 3, wherein said security circuitry is further comprising:
    - a host USB hub inserted between said mode select switch and said at least one first serial communication host connector; and
      
      a security microcontroller connected to said host USB hub for enumerating said at least one first a host compute.
  - 7. The secure serial communication gateway of claim 6, wherein said security microcontroller is a USB token.
  - 8. The secure serial communication gateway of claim 3, wherein said at least one first serial communication host connector is a USB cable terminating with an eLock plug, wherein said eLock plug compromises:
    - a USB plug capable of interfacing with a USB jack of said host computer;
      
      at least one locking tooth capable of protruding from said USB plug, thus locking the eLocck to the USB jack of said host computer; and
      
      a solenoid capable of enabling and unlocking said at least one locking tooth from the USB jack of the host computer.
  - 9. The secure serial communication gateway of claim 1, wherein the serial communication is selected from the group consisting of:
    - USB 2.0, USB 3.0, USB 3.1, Thunderbolt, and Firewire.
  - 10. The secure serial communication gateway of claim 1, further comprising:
    - at least one second serial communication host connector to connect to at least one second host computer; and
      
      a host selection switch controlled by said pre-qualification microcontroller, to switch data exchange with said peripheral device among the plurality of connected host computers.
  - 11. The secure serial communication gateway of claim 10 wherein said table of peripheral device qualifications further associates peripheral device qualifications to each host connector.
  - 12. The secure serial communication gateway of claim 11, wherein said table associates with each of said host connector at least one of:
    - a black list, listing qualifications of peripheral device to be blocked from connecting to each of said host connectors; and
      
      a white list, listing qualifications of peripheral device to be allowed to connect to each of said host connectors.
  - 13. The secure serial communication gateway of claim 11, wherein:
    - said security circuitry is capable of enforcing one of;
      
      unidirectional data flow from said peripheral device to the selected host computer; and
      
      unidirectional data flow from the selected host computer to said peripheral device;
      
      and wherein said table associates at least one peripheral device qualification and each of said host connector at least one of;
      
      unidirectional data flow from said peripheral device to the selected host computer;
      
      unidirectional data flow from the selected host computer to said peripheral device;
      
      bidirectional data flow between the selected host computer and said peripheral device;
      
      no data flow between the selected host computer and said peripheral device.
  - 14. The secure serial communication gateway of claim 11, wherein said peripheral device qualifications are selected from the group consisting of:
    - USB class, USB sub-class, USB protocol, USB Vendor ID, USB Product ID, USB serial number.
  - 15. The secure serial communication gateway of claim 1, further comprising a programming port connected to said pre-qualification microcontroller, to connect to a programmer device for field re-programming of said table of peripheral device qualifications.
  - 16. The secure serial communication gateway of claim 15, wherein said security circuitry is capable of preparing and storing an event log file based on monitoring the activity of the secure serial communication gateway device, and transmitting said event log file via said programming port.
  - 17. The secure serial communication gateway of claim 15, wherein said field re-programming of said table of peripheral device qualifications comprises capturing qualifications of a peripheral device connected to said peripheral device port during the re-programming process.
  - 18. The secure serial communication gateway of claim 1, wherein field re-programming of said table of peripheral device qualifications is performed via said peripheral device port.
  - 19. The secure serial communication gateway of claim 1, further comprising a tamper detector capable of detecting attempt to compromise the secure serial communication gateway and permanently disable said secure serial communication gateway when detecting an attempt to compromise the secure serial communication gateway.

20. A Secure USB jack device comprising:
- at least one first USB host port having a plurality of pins to connect to the motherboard of a host computer;
  
  at least one first USB jack to connect to a first USB device; and
  
  a security circuitry comprising;
  
  a pre-qualification microcontroller;
  
  at least one first mode select switch connected to said first USB jack and selectively connecting said first USB jack to the selected one of;
  
  said pre-qualification microcontroller; and
  
  said first USB host port;
  
  wherein said plurality of pins fits the standard USB jack footprint.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The Secure USB jack device of claim 20, further comprising:
    - one second USB host port to connect to said motherboard of said host computer;
      
      at least one second USB jack to connect to a second USB device,wherein said security circuitry further comprising;
      
      one second mode, select switch connected to said second USB jack and selectively connecting said second USB jack to the selected one of;
      
      said pre-qualification microcontroller; and
      
      said second USB host port.
  - 22. The Secure USB jack device of claim 20, further comprising:
    - a USB enumeration and reset detector function, connected to said at least one first USB jack, to monitor said at least one first USB jack.
  - 23. The Secure USB jack device of claim 20, further comprising a programming port connected to said pre-qualification microcontroller.
  - 24. The Secure USB jack device of claim 20, further comprising at least one status indicator LED connected to said pre-qualification microcontroller.
  - 25. The Secure USB jack device of claim 20, further comprising a metal cover encasing the Secure USB jack device,wherein said security circuitry is in a form of a small printed circuit fitted within said cover the Secure USB jack device.

26. A USB filter comprising:
- a USB jack to connect to a USB device of a preset class;
  
  a USB host emulator connected to said a USB jack to emulate a host computer;
  
  a USB device emulator connected to said USB host emulator to emulate only a generic USB device of the same preset class as said USB device of a preset class; and
  
  at USB host port to connect to a host computer.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The USB filter of claim 26, wherein said USB device of a known class is selected from the group consisting:
    - a keyboard, and a mouse.
  - 28. The USB filter of claim 26, wherein the USB filter is attached to the motherboard of said host computer, and is within the enclosure of said host computer.
  - 29. The USB filter of claim 26, wherein the USB filter is inserted into a USB jack of said host computer.
  - 30. The USB filter of claim 29, wherein the USB filter is locked to a USB jack of said host computer.
  - 31. The USB filter of claim 26, further comprising a unidirectional data link enforcing unidirectional data flow only from said host emulator to said device emulator.
  - 32. The USB filter of claim 26, further comprising a system controller connected to said host emulator to provide management and security by monitoring the data exchange between said USB device and said host computer.
  - 33. B filter of claim 32, wherein said system controller is capable of disabling said filter if a USB device of a class other then said USB device of a preset class is connected to said USB jack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
High Sec Labs Ltd
Original Assignee
High Sec Labs Ltd
Inventors
SOFFER, Aviv

Application Number

US14/306,352
Publication Number

US 20150365237A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 13/105   where the programme perform...

G06F 13/126   and has means for transferr...

G06F 21/82   Protecting input, output or...

G06F 21/85   interconnection devices, e....

H04L 9/3234   involving additional secure...

USB SECURITY GATEWAY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

USB SECURITY GATEWAY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links