Dynamic substitution of USB data for on-the-fly encryption/decryption
Abstract
A security module and method implements data requests from a USB or other similar device, in which a secure component can communicate securely with a device without modifying the underlying USB bus protocol, or the device, even where the software controlling the bus is untrusted. A security module (physically separate or integrated into a device or hub) intercepts data being sent from device to secure component in response to a data request. A “not acknowledged” signal is sent to the secure component, and the data is encrypted. The next data request is intercepted, and the encrypted data sent in response. The acknowledgement from the secure component to the device is allowed to reach the device. In order to handle a setup request, an allow command is sent to the security module, which includes the encrypted and unencrypted setup command. If an encryption check is successful, a setup command sent to the device (via the security module) is allowed to reach the device.
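The IN-token flow described in the abstract, modelled as an added Python example (not code from the patent). The `Device`, `SecurityModule` and `read_report` names, the device that re-offers its report until it sees an ACK, and the SHA-256 keystream cipher are assumptions; the page names no cipher.

```python
import hashlib
NAK, ACK, IN, SMASHED = "NAK", "ACK", "IN", "SMASHED"

def xor_stream(key: bytes, counter: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption, the page names none): SHA-256 keystream XOR."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

class Device:
    """Simplified device model: answers IN with its current report, drops it on ACK."""
    def __init__(self, reports):
        self.reports, self.seen = list(reports), []
    def on_packet(self, pkt):
        self.seen.append(pkt)                     # record what actually reached the device
        if pkt == IN:
            return self.reports[0] if self.reports else NAK
        if pkt == ACK and self.reports:
            self.reports.pop(0)
        return None                               # ACK or a smashed packet gets no reply

class SecurityModule:
    def __init__(self, device, key):
        self.device, self.key, self.pending, self.counter = device, key, None, 0
    def on_in_token(self):
        """Handle an IN token from the secure component; return what it sees."""
        if self.pending is None:
            data = self.device.on_packet(IN)      # first request is passed to the device
            if data != NAK:                       # cleartext stays inside the module
                self.pending = xor_stream(self.key, self.counter, data)
                self.counter += 1
            return NAK                            # "no data available" either way
        self.device.on_packet(SMASHED)            # second token is smashed for the device
        ciphertext, self.pending = self.pending, None
        return ciphertext
    def on_ack(self):
        self.device.on_packet(ACK)                # the ACK is allowed to reach the device

def read_report(module, key, counter, max_polls=4):
    """Secure component: poll until data arrives, ACK it, then decrypt."""
    bus = []                                      # everything visible on the untrusted side
    for _ in range(max_polls):
        bus.append(module.on_in_token())
        if bus[-1] != NAK:
            module.on_ack()
            return xor_stream(key, counter, bus[-1]), bus
    return None, bus
```

The `bus` list is what untrusted bus software could observe: a NAK followed by ciphertext, never the device's cleartext report.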
32 Claims
1. A method for mediating data transfer between a device and a secure component, comprising:
- receiving a first and second data request from the secure component at a security module;
- after said receipt of the first data request at the security module, passing said first data request to said device;
- receiving data in response to said first data request from said device at the security module;
- after said receipt of said first data request at the security module, sending a deliberately false first signal to said secure component indicating that no data is available;
- after said receipt of said data from said device, encrypting said data at the security module;
- intercepting a second data request from said secure component to said device at the security module; and
- after intercepting said second data request, sending said encrypted data to said secure component and sending a deliberately smashed second signal to said device.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for mediating data transfer between a USB device and a secure component operably connected to a USB host, comprising:
- intercepting data from said USB device responsive to a first IN token from said secure component at a security module;
- sending a deliberately false first signal to said secure component from the security module indicating that no data is available;
- encrypting said data at the security module;
- intercepting a second IN token sent by said secure component for said USB device; and
- in response to intercepting the second IN token, sending said encrypted data to said secure component and sending a deliberately smashed second signal to said device.
Dependent claims: 9
10. A security module for mediating data transfer between a device and a secure component, comprising:
- means for receiving a first and second data request at the security module;
- means for, after said receipt of the first data request, passing said first data request to said device;
- means for, after said passing of said first data request to said device, receiving data from said device at the security module;
- means for, after said receipt of said first data request, sending a deliberately false signal from the security module to said secure component indicating that no data is available;
- means for, after said receipt of said data from said device, encrypting said data at the security module;
- means for intercepting a second data request at the security module from said secure component to said device; and
- means for, after said second data request, sending said encrypted data from the security module to said secure component and sending a deliberately smashed second signal to said device.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
22. A security module for mediating data transfer between a USB device and a secure component operably connected to a USB host comprising:
- means for intercepting data from said USB device responsive to a first IN token from said secure component at a security module;
- means for sending a deliberately false first signal to said secure component indicating that no data is available;
- means for encrypting said data at the security module;
- means for intercepting a second IN token sent by said secure component for said USB device at the security module; and
- means for sending said encrypted data from the security module to said secure component and sending a deliberately smashed second signal to said device.
Dependent claims: 23
24. A tangible computer-readable medium for mediating data transfer between a device and a secure component, said computer-readable medium having computer-readable instructions which, when executed by one or more processors, implement steps comprising:
- receiving a first and second data request at a security module;
- after said receipt of a first data request, passing said first data request to said device;
- after said passing of said first data request to said device, receiving data from said device at the security module;
- after said receipt of said first data request, sending a deliberately false signal from the security module to said secure component indicating that no data is available;
- after said receipt of said data from said device, encrypting said data at the security module;
- intercepting a second data request at the security module from said secure component to said device; and
- after said second data request, sending said encrypted data to said secure component and sending a deliberately smashed second signal to said device.
Dependent claims: 25, 26, 27, 28, 29, 30
31. A tangible computer-readable medium for mediating data transfer between a USB device and a secure component operably connected to a USB host, said computer-readable medium having computer-readable instructions which, when executed by one or more processors, implement steps comprising:
- intercepting data at a security module from said USB device responsive to a first IN token from said secure component;
- encrypting said data at the security module;
- sending a deliberately false signal to said secure component indicating that no data is available;
- intercepting a second IN token at the security module sent by said secure component for said USB device; and
- sending said encrypted data to said secure component from the security module and sending a deliberately smashed second signal to said device.
Dependent claims: 32
Specification