Universal serial bus selective encryption
First Claim

1. A server configured to interact with a remote USB device comprising:
- an interface to receive an identifying message from a remote client associated with the remote USB device to a security policy engine, wherein the identifying message includes a USB transfer descriptor associated with the remote USB device;
- the security policy engine, configured to:
  - identify the remote USB device based at least in part on the USB transfer descriptor provided in the received identifying message; and
  - determine a security policy for the remote USB device based at least in part on the identity of the remote USB device; and
- the interface, further configured to transmit a policy message comprising the determined security policy from the security policy engine to the remote client, wherein USB data traffic between the remote client and the server is selectively encrypted by the remote client based at least in part on the security policy, wherein the server transmits an instruction comprising a set of parameters which includes at least one of a width of a data bus, an analog or digital overcurrent detection, and a device-specific hardware configuration, to a host controller of the remote client for initializing the host controller before the remote USB device is detected, and wherein the security policy engine is a hardware processor.
Abstract
A method to interact with a remote USB device is disclosed. An identifying message is received from a remote client associated with the remote USB device. The remote USB device is identified based at least in part on the identifying message from the remote client. A security policy is determined for the remote USB device. A policy message is transmitted to the remote client for selectively implementing the security policy of the remote USB device. A method to interact with a local USB device is also disclosed. An identifying message is determined by performing a host controller service for the local USB device. The identifying message is transmitted to a server. A policy message is received from the server for selectively implementing a security policy on the local USB device. The security policy is regarded and the host controller service is configured accordingly.
42 Claims
1. A server configured to interact with a remote USB device comprising:
- an interface to receive an identifying message from a remote client associated with the remote USB device to a security policy engine, wherein the identifying message includes a USB transfer descriptor associated with the remote USB device;
- the security policy engine, configured to:
  - identify the remote USB device based at least in part on the USB transfer descriptor provided in the received identifying message; and
  - determine a security policy for the remote USB device based at least in part on the identity of the remote USB device; and
- the interface, further configured to transmit a policy message comprising the determined security policy from the security policy engine to the remote client, wherein USB data traffic between the remote client and the server is selectively encrypted by the remote client based at least in part on the security policy, wherein the server transmits an instruction comprising a set of parameters which includes at least one of a width of a data bus, an analog or digital overcurrent detection, and a device-specific hardware configuration, to a host controller of the remote client for initializing the host controller before the remote USB device is detected, and wherein the security policy engine is a hardware processor.

Dependent claims 2 to 21 are not reproduced on this page.

22. A client configured to interact with a local USB device comprising:
- a host controller, coupled to the local USB device, configured to be initialized upon receiving an instruction comprising a set of parameters which includes at least one of a width of a data bus, an analog or digital overcurrent detection, and a device-specific hardware configuration from a server before the local USB device is detected;
- a security policy engine, coupled to the host controller;
- an interface, configured to:
  - send an identifying message to the server, the identifying message includes a USB transfer descriptor associated with the local USB device; and
  - receive a policy message comprising a security policy from the server, the security policy being determined by the server based on the USB transfer descriptor;
- wherein the security policy engine is configured to:
  - regard the policy message and configure the host controller; and
  - selectively encrypt USB data traffic between the remote client and the server based at least in part on the security policy.

Dependent claims 23 to 39 are not reproduced on this page.

40. A method to interact with a remote USB device comprising:
- receiving an identifying message from a remote client associated with the remote USB device, wherein the identifying message includes a USB transfer descriptor associated with the remote USB device;
- identifying the remote USB device based at least in part on the USB transfer descriptor provided in the received identifying message;
- determining a security policy for the remote USB device based at least in part on the identity of the remote USB device; and
- transmitting a policy message comprising the determined security policy to the remote client, wherein USB data traffic between the remote client and a server is selectively encrypted by the remote client based at least in part on the security policy, and wherein the server transmits an instruction comprising a set of parameters which includes at least one of a width of a data bus, an analog or digital overcurrent detection, and a device-specific hardware configuration, to a host controller of the remote client for initializing the host controller before the remote USB device is detected.

41. A method to interact with a local USB device comprising:
- initializing a host controller upon receiving an instruction comprising a set of parameters which includes at least one of a width of a data bus, an analog or digital overcurrent detection, and a device-specific hardware configuration, from a server before the local USB device is detected;
- determining an identifying message by performing a host controller service for the local USB device, wherein the identifying message includes a USB transfer descriptor associated with the local USB device;
- transmitting the identifying message to a server;
- receiving a policy message comprising a security policy from the server, the security policy being determined by the server based on the USB transfer descriptor; and
- configuring the host controller service; and
- selectively encrypting USB data traffic to and from the server based at least in part on the security policy.

42. A server configured to interact with a remote USB device comprising:
- an interface to receive an identifying message from a remote client associated with the remote USB device to a security policy engine, wherein the identifying message includes a USB transfer descriptor associated with the remote USB device;
- the security policy engine, configured to:
  - identify the remote USB device based at least in part on the USB transfer descriptor provided in the received identifying message; and
  - determine a security policy for the remote USB device based at least in part on the identity of the remote USB device; and
- the interface, further configured to transmit a policy message comprising the determined security policy from the security policy engine to the remote client, wherein the remote client is configured to:
  - implement the received security policy on the remote USB device; and
  - selectively encrypt USB data traffic from the remote client to the server based at least in part on the security policy,
- wherein the security policy engine determines the security policy from among at least two security policies, wherein the at least two security policies comprise a plurality of stored registers comprising:
  - a first register to flag whether a particular isochronous USB transfer is to be encrypted;
  - a second register to flag whether a particular interrupt USB transfer is to be encrypted;
  - a third register to flag whether a particular bulk or Asynchronous Transfer List is to be encrypted; and
  - a fourth register to select when access of registers and memory space of the remote client is to be encrypted,
- and wherein the security policy further comprises type of access to be protected, and wherein the security policy engine is a hardware processor.
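To make the claimed exchange concrete, the following Python model is an added example, not code from the patent: the server identifies the device from the descriptor carried in the identifying message and answers with a policy message holding the four flag registers of claim 42, and the client then decides per transfer whether to encrypt. The field names, the class-to-policy mapping, the register-access modes and the descriptor values are constructed assumptions; an unrecognised device falls back to the most protective policy.

```python
from dataclasses import dataclass
from enum import Enum


class Transfer(Enum):
    ISOCHRONOUS = "isochronous"  # streaming endpoints (audio, video)
    INTERRUPT = "interrupt"      # e.g. keyboard/mouse reports
    BULK = "bulk"                # bulk or Asynchronous Transfer List entries
    REGISTER = "register"        # host-controller register / memory-space access


@dataclass(frozen=True)
class Policy:
    """One stored policy: the four registers of claim 42 (field names are assumed)."""
    encrypt_iso: bool
    encrypt_intr: bool
    encrypt_bulk: bool
    register_access: str  # fourth register: "always", "writes" or "never"


# Two candidate policies the engine chooses between (constructed sample values).
POLICIES = {
    "protect-all": Policy(True, True, True, "always"),
    "protect-input": Policy(False, True, False, "writes"),
}

# Standard USB interface class codes (0x03 HID, 0x08 mass storage) mapped to a
# policy name; the mapping itself is a constructed assumption.
CLASS_TO_POLICY = {0x03: "protect-input", 0x08: "protect-all"}


def determine_policy(identifying_message: dict) -> dict:
    """Server side: identify the device from the descriptor and build the policy message."""
    desc = identifying_message["transfer_descriptor"]
    # Unknown device classes fail closed onto the most protective policy.
    name = CLASS_TO_POLICY.get(desc.get("bInterfaceClass"), "protect-all")
    p = POLICIES[name]
    return {
        "device": f"{desc['idVendor']:04x}:{desc['idProduct']:04x}",
        "policy": name,
        "registers": [p.encrypt_iso, p.encrypt_intr, p.encrypt_bulk, p.register_access],
    }


def should_encrypt(policy_message: dict, transfer: Transfer, is_write: bool = False) -> bool:
    """Client side: per-transfer decision that makes the encryption selective."""
    iso, intr, bulk, reg = policy_message["registers"]
    if transfer is Transfer.ISOCHRONOUS:
        return iso
    if transfer is Transfer.INTERRUPT:
        return intr
    if transfer is Transfer.BULK:
        return bulk
    return reg == "always" or (reg == "writes" and is_write)


# Constructed identifying message for a HID device; vendor/product ids are placeholders.
KEYBOARD_MSG = {"transfer_descriptor": {"idVendor": 0x1234, "idProduct": 0x0001, "bInterfaceClass": 0x03}}
```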
Specification