Methods and apparatus for securing communications of a user operated device

US 8,180,051 B1
Filed: 10/07/2002
Issued: 05/15/2012
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. In a user operated input device that provides user input to a computerized device, a method for establishing a secure communications session between the user operated input device and the computerized device in communications with the user operated input device, the method comprising:

transferring an enable security message from the user operated input device to the computerized device via a first interface of the user operated input device;

receiving, at the first interface of the user operated input device, a first communications enablement message from the computerized device, the first communications enablement message including first key material generated by the computerized device, the first key material being a complete public key transmitted to the user operated input device from the computerized device;

receiving, at a second user interface of the user operated input device, a copy of a fingerprint of the first key material via input from a user operating the user operated input device to send to the computerized device, the fingerprint of the first key material having been displayed to the user on a display device coupled to the computerized device, wherein the copy of the fingerprint of the first key material is transmitted to the computerized device;

upon determining, by the computerized device, that the copy of the fingerprint of the first key material matches the fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device using the first communications enablement message; and

applying an encryption algorithm using at least the first key material to establish the encrypted communications session between the user operated input device and the computerized device such that subsequent communications taking place between the user operated input device and the computerized device are encrypted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system provides secure communications between a user operated device and a computerized device. The user operated device transfers an enable security message to the computerized device, and in response, the computerized device sends a first communications enablement message to the user operated device and displays a second communications enablement message on a display of the computerized device for viewing by a user operating the user operated device. The user operated device receives the first communications enablement message from the computerized device and receives the second communications enablement message from the user and establishes a secure communications session between the user operated device and the computerized device using the first communications enablement message and the second communications enablement message. The communications enablement messages can contain key material that enable encryption between the user operated device and the computerized device.

69 Citations

View as Search Results

28 Claims

1. In a user operated input device that provides user input to a computerized device, a method for establishing a secure communications session between the user operated input device and the computerized device in communications with the user operated input device, the method comprising:
- transferring an enable security message from the user operated input device to the computerized device via a first interface of the user operated input device;
  
  receiving, at the first interface of the user operated input device, a first communications enablement message from the computerized device, the first communications enablement message including first key material generated by the computerized device, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  receiving, at a second user interface of the user operated input device, a copy of a fingerprint of the first key material via input from a user operating the user operated input device to send to the computerized device, the fingerprint of the first key material having been displayed to the user on a display device coupled to the computerized device, wherein the copy of the fingerprint of the first key material is transmitted to the computerized device;
  
  upon determining, by the computerized device, that the copy of the fingerprint of the first key material matches the fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device using the first communications enablement message; and
  
  applying an encryption algorithm using at least the first key material to establish the encrypted communications session between the user operated input device and the computerized device such that subsequent communications taking place between the user operated input device and the computerized device are encrypted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein:
    - the step of applying an encryption algorithm using the first key material comprises;
      
      performing an asymmetric key encryption algorithm using the complete public key to encrypt communications between the user operated input device and the computerized device.
  - 3. The method of claim 1 wherein the fingerprint of the first key material is a secure hash of at least a portion of the first key material.
  - 4. The method of claim 1 wherein applying an encryption algorithm using the first key material to establish an encrypted communications session between the user operated input device and the computerized device comprises:
    - applying a data modification technique including at least one of a cipher block chaining technique and a data padding technique to the encryption algorithm such that two identical portions of subsequent input received from the user operated input device are transferred from the user operated input device to the computerized device using different outputs.
  - 5. The method of claim 1 wherein transferring an enable security message comprises:
    - receiving an enable security input from the user, the enable security input indicating that the user desires to establish the secure communications session between the user operated input device and the computerized device.
  - 6. The method of claim 1 wherein establishing the encrypted communications session between the user operated input device and the computerized device comprises:
    - activating a secure indicator to indicate to the user that the user operated input device has established the encrypted communications session between the user operated input device and the computerized device.
  - 7. The method of claim 1 comprising:
    - receiving, as input from a user, a disable security message; and
      
      in response to the step of receiving the disable security message, disestablishing the secure communications session between the user operated input device and the computerized device such that the user operated input device and the computerized device can communicate in a non-secure manner.
  - 8. The method of claim 1 wherein establishing a the encrypted communications session between the user operated input device and the computerized device comprises:
    - applying at least one of;
      
      i. a symmetric key encryption technique; and
      
      ii. a data modification technique including at least one of a cipher block chaining technique and a data padding technique;
      
      to establish and maintain the encrypted communications session between the user operated input device and the computerized device such that subsequent input received by the user operated input device is encrypted and transmitted to the computerized device as encrypted data.
  - 9. The method of claim 1 wherein the user operated input device is a keyboard.
  - 10. The method of claim 1 wherein the user operated input device is a mouse.
  - 11. The method of claim 1 wherein the user operated input device is at least one of a joystick, a touchpad, a trackball, a keypad, and an electronic notepad.

12. In a computerized device, a method for establishing a secure communications session between the computerized device and a user operated input device that provides user input to the computerized device, the method comprising the steps of:
- receiving an enable security message from the user operated input device in communications with the computerized device;
  
  in response to the enable security message, generating, by the computerized device, first key material to send to the first interface of the user operated input device;
  
  sending a first communications enablement message to the user operated input device, the first communications enablement message including the first key material, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  displaying, on a display device in communications with the computerized device, a second communications enablement message for viewing by a user, the second communications enablement message including second key material containing a fingerprint of the first key material;
  
  responsive to the displayed second communications enablement message (i) having been input to the user operated input device and (ii) matching the displayed fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device based on the first communications enablement message and the second communications enablement message; and
  
  applying an encryption algorithm using at least the first key material to establish the encrypted communications session between the user operated input device and the computerized device such that the communications taking place between the user operated input device and the computerized device are encrypted.

13. A user operated input device that provides user input to a computerized device comprising:
- a user input mechanism;
  
  a communications interface that can be engaged in communications with a computerized device;
  
  a memory;
  
  a processor;
  
  an interconnection mechanism coupling the user input mechanism, the communications interface, the memory and the processor;
  
  wherein the memory is encoded with a device encryption application that when executed in conjunction with the processor provides a device encryption process that establishes a secure communications session between the user operated input device and the computerized device in communications with the user operated input device by performing the steps of;
  
  transferring, from the user operated input device to the computerized device over the communications interface, an enable security message;
  
  receiving, over the communications interface, a first communications enablement message, the first communications enablement message including first key material generated by the computerized device, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  receiving, as input from a user operating the user operated input device via the user input mechanism, a second communications enablement message, the second communications enablement message including second key material containing a copy of a fingerprint of the first key material, the fingerprint of the first key material having been displayed to the user on a display device coupled to the computerized device, wherein the copy of the fingerprint of the first key material is transmitted to the computerized device;
  
  upon determining, by the computerized device, that the copy of the fingerprint of the first key material matches the displayed fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device over the communications interface using the first communications enablement message and the second communications enablement message; and
  
  applying an encryption algorithm using at least the first material to establish the encrypted communications session between the user operated input device and the computerized device such that the communications taking place between the user operated input device and the computerized device are encrypted.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The user operated input device of claim 13 wherein:
    - when the user operated input device performs the step of applying an encryption algorithm using at least the first key material, the user operated input device performs the steps of;
      
      performing an asymmetric key encryption algorithm using the complete public key to encrypt communications between the user operated input device and the computerized device over the communications interface.
  - 15. The user operated input device of claim 14 wherein the user operated input device performs the steps of:
    - receiving subsequent user input;
      
      encrypting the subsequent user input to form encrypted output; and
      
      transmitting, from the user operated input device to the computerized device, the encrypted output for receipt and subsequent decryption by the computerized device.
  - 16. The user operated input device of claim 15 wherein the user operated input device performs the step of:
    - encrypting the subsequent user input using the complete public key.
  - 17. The user operated input device of claim 15 wherein the user operated input device performs the steps of:
    - creating a session key for use in encrypting user input from the user operating the user operated input device;
      
      encrypting the session key with the complete public key to produce an encrypted session key;
      
      communicating the encrypted session key to the computerized device for receipt and subsequent decryption by the computerized device using a private key maintained by the computerized device, the private key being associated with the complete public key; and
      
      wherein when the user operated input device performs the step of encrypting the subsequent user input, the user operated input device performs the step of;
      
      encrypting the subsequent user input using the session key such that the encrypted output can be decrypted by the computerized device using the session key communicated to and decrypted by the computerized device.
  - 18. The user operated input device of claim 13 whereinthe user operated input device performs the steps of:
    - applying a fingerprint function to the first key material to produce fingerprinted first key material;
      
      comparing the fingerprinted first key material to the fingerprint of the first key material contained in the second key material to validate the complete public key received in the first key material; and
      
      performing an asymmetric key encryption algorithm using the complete public key to encrypt communications between the user operated input device and the computerized device.
  - 19. The user operated input device of claim 18 wherein the fingerprint on the first key material is a secure hash of at least a portion of the first key material.
  - 20. The user operated input device of claim 13 wherein, when the input device performs the step of applying an encryption algorithm using at least the first key material to establish an encrypted communications session between the input device and the computerized device, the input device performs the step of:
    - applying a data modification technique including at least one of a cipher block chaining technique and a data padding technique to the encryption algorithm such that two identical portions of subsequent input received from the input device are transferred to the computerized device over the communications interface using different encrypted outputs.
  - 21. The user operated input device of claim 13 wherein when the input device performs the step of transferring an enable security message, the input device further performs the step of:
    - receiving an enable security input from the user, the enable security input indicating that the user desires to establish the secure communications session between the input device and the computerized device over the communications interface.
  - 22. The user operated input device of claim 13 wherein when the user operated input device performs the step of establishing an encrypted communications session between the user operated input device and the computerized device, the user operated input device performs the step of:
    - activating a secure indicator coupled to the user operated input device to indicate to the user that the user operated input device has established the encrypted communications session between the user operated input device and the computerized device.
  - 23. The user operated input device of claim 13 wherein the user operated input device performs the steps of:
    - receiving, as input from a user, a disable security message; and
      
      in response to the step of receiving the disable security message, disestablishing the secure communications session between the user operated input device and the computerized device such that the user operated input device and the computerized device can communicate in a non-secure manner.
  - 24. The user operated input device of claim 13 wherein when the user operated input device performs the step of establishing an encrypted communications session between the user operated input device and the computerized device, the user operated device performs the step of:
    - applying at least one of;
      
      i. a symmetric key encryption technique;
      
      ii. an asymmetric key encryption technique; and
      
      iii. a data modification technique including at least one of a cipher block chaining technique and a data padding technique;
      
      to establish and maintain the secure communications session between the user operated input device and the computerized device such that subsequent user input received by the user operated input device is encrypted and transmitted to the computerized device as encrypted output.

25. An apparatus, comprising:
- a user operated input device; and
  
  a computerized device configured to receive input from the user operated input device including at least;
  
  a display interface capable of being coupled to a display device that presents information to a user,a communications interface, coupled to the computerized device, capable of being coupled to and communicating with the user operated input device,a memory,a processor,an interconnection mechanism coupling the display interface, the communications interface, the memory and the processor;
  
  wherein the memory is encoded with a secure device driver application that, when executed by the processor, produces a secure device driver process that causes the computerized device to establish a secure communications session between the computerized device and the user operated input device, by causing the computerized device to perform the steps of;
  
  receiving, over the communications interface, an enable security message from the user operated input device in communications with the computerized device;
  
  in response to the enable security message, obtaining, by the secure device driver application, first key material generated by the computerized device to send to the user operated input device;
  
  sending a first communications enablement message to the user operated input device over the communications interface, the first communications enablement message including the first key material, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  displaying, on the display device, a second communications enablement message for viewing by the user operating the user operated input device, the second communications enablement message including a fingerprint of the first key material;
  
  responsive to the displayed second communications enablement message (i) having been input to the user operated input device and (ii) matching the displayed fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device over the communications interface based on the first communications enablement message and the second communications enablement message; and
  
  applying an encryption algorithm using at least the first key material to establish the encrypted communications session between the user operated input device and the computerized device such that the communications taking place between the user operated input device and the computerized device are encrypted.
- View Dependent Claims (26)
- - 26. The apparatus of claim 25 wherein when the computerized device performs the step of applying an encryption algorithm using at least one of the first and second key material to establish an encrypted communications session between the user operated input device and the computerized device, the computerized device performs the step of:
    - applying a data modification technique including at least one of a cipher block chaining technique and a data padding technique to the encryption algorithm such that two identical portions of subsequent user input received from the user operated input device as respective different outputs are decrypted back into the two identical portions of subsequent user input.

27. A non-transitory computer-readable storage medium including computer program logic encoded thereon that, when performed in a user operated input device coupled to a computerized device, causes the user operated input device to perform the operations of:
- transferring an enable security message from the user operated input device to the computerized device via a first interface of the user operated input device;
  
  receiving, at the first interface of the user operated input device, a first communications enablement message from the computerized device, the first communications enablement message including first key material generated by the computerized device, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  receiving, at a second user interface of the user operated input device, a second communications enablement message as input from a user operating the user operated input device, the second communications enablement message including second key material containing a fingerprint of the first key material, the fingerprint of the first key material having been displayed to the user on a display device coupled to the computerized device, wherein the copy of the fingerprint of the first key material is transmitted to the computerized device;
  
  upon determining, by the computerized device, that the copy of the fingerprint of the first key material matches the fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device using the first communications enablement message and the second communications enablement message; and
  
  applying an encryption algorithm using at least one of the first and second key material to establish the encrypted communications session between the user operated input device and the computerized device such that the communications taking place between the user operated input device and the computerized device are encrypted.

28. A non-transitory computer-readable storage medium including computer program logic encoded thereon that, when performed in a computerized device having a coupling to a user operated input device that provides user input to the computerized device, causes the computerized device to perform the operations of:
- receiving an enable security message from the user operated input device in communications with the computerized device;
  
  in response to the enable security message, generating first key material to send to the user operated input device;
  
  sending a first communication enablement message to the user operated input device, the first communications enablement message including the first key material, the first key material being a complete public key transmitted to the user operated input device from the computerized device;
  
  displaying, on a display device in communications with the computerized device, a second communications enablement message for viewing by a user operating the user operated input device, the second communications enablement message including second key material containing a fingerprint of the first key material that the computerized device displays on the display device of the computerized device and that the user can see and can provide as input to the user operated input device for receipt of the second communications enablement message;
  
  responsive to the displayed second communications enablement message (i) having been input to the user operated input device and (ii) matching the displayed fingerprint of the first key material, establishing an encrypted communications session between the user operated input device and the computerized device based on the first communications enablement message and the second communications enablement message; and
  
  applying an encryption algorithm using at least one of the first and second key material to establish the encrypted communications session between the user operated input device and the computerized device such that the communications taking place between the user operated input device and the computerized device are encrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jasper Technologies, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
O'Toole, James W. Jr.
Primary Examiner(s)
Davis, Zachary A

Application Number

US10/265,983
Time in Patent Office

3,508 Days
Field of Search

713/182, 380/270, 380/273, 380/255, 380/285, 726/34, 341/22, 710/73, 710/62, 710/67, 710/72
US Class Current

380/255
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/83   input devices, e.g. keyboar...

H04L 2209/20   Manipulating the length of ...

H04L 9/0827   involving distinctive inter...

H04L 9/0866   involving user or device id...

H04L 9/14   using a plurality of keys o...

H04L 9/3231   Biological data, e.g. finge...

Methods and apparatus for securing communications of a user operated device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for securing communications of a user operated device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links