SECURE KVM SYSTEM HAVING MULTIPLE EMULATED EDID FUNCTIONS

US 20130050084A1
Filed: 11/10/2010
Published: 02/28/2013
Est. Priority Date: 11/10/2009
Status: Active Grant

First Claim

Patent Images

1. A method for supporting a plurality of host computers isolation while providing:

user display, user peripheral devices, a keyboard and a mouse in a secure KVM device, comprising;

a controller function; and

a Display Plug and Play Emulated Memory (DPPEM) assigned for each host, the method comprising;

performing preparation sequence comprising the steps of;

reading display Plug and Play data from the display by the controller function in the KVM device;

switching the DPPEM in the KVM device to connect to said controller function;

writing display Plug and Play data into said DPPEM;

switching DPPEM devices to hosts to enable host reading of said written display Plug and Play data from said DPPEM devices;

andentering normal mode by repeating the steps of;

waiting for user selection of host channel; and

,when detecting a selection, coupling selected host to the channel DPPEM, user display and user peripherals.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.

45 Citations

View as Search Results

33 Claims

1. A method for supporting a plurality of host computers isolation while providing:
- user display, user peripheral devices, a keyboard and a mouse in a secure KVM device, comprising;
  
  a controller function; and
  
  a Display Plug and Play Emulated Memory (DPPEM) assigned for each host, the method comprising;
  
  performing preparation sequence comprising the steps of;
  
  reading display Plug and Play data from the display by the controller function in the KVM device;
  
  switching the DPPEM in the KVM device to connect to said controller function;
  
  writing display Plug and Play data into said DPPEM;
  
  switching DPPEM devices to hosts to enable host reading of said written display Plug and Play data from said DPPEM devices;
  
  andentering normal mode by repeating the steps of;
  
  waiting for user selection of host channel; and
  
  ,when detecting a selection, coupling selected host to the channel DPPEM, user display and user peripherals.

2. A method for supporting host computers isolation while providing:
- a first user display and a second user display, user peripheral devices, a keyboard, and a mouse in a secure KVM device comprising;
  
  a controller function;
  
  a first and second Display Plug and Play Emulated Memory devices (DPPEM) assigned for each host;
  
  a first and second video inputs for each coupled host computer; and
  
  a first and second display video ports coupled to said first and second user displays;
  
  the method comprising;
  
  system preparation comprising the steps of;
  
  reading display Plug and Play data from said first user display by the said controller function;
  
  reading display Plug and Play data from said second user display by the said controller function;
  
  switching said DPPEM devices to connect to said controller function;
  
  writing said first display Plug and Play data into said first display DPPEM device of each host port;
  
  writing said second display Plug and Play data into said second display DPPEM device of each host port;
  
  switching DPPEM to hosts to enable host reading of said written display Plug and Play data; and
  
  entering normal mode comprising repeating the steps of;
  
  waiting for user selection of host channel; and
  
  ,when detecting a selection, coupling selected host to channel DPPEM, user display and user peripherals.

3. A method for supporting n host computers isolation while providing:
- m user displays, user peripheral devices, a keyboard, and a mouse in a secure KVM device, comprising;
  
  a controller function;
  
  one Display Plug and Play Emulated Memory (DPPEM) device assigned to each one of n hosts;
  
  a selector to switch n DPPEM devices from said controller function to coupled hosts, the method comprising the steps of;
  
  reading display Plug and Play data from first said display by the said controller function;
  
  repeating previous step until controller function has completed reading m displays Plug and Play data;
  
  switching all n said DPPEM devices from said hosts to said controller function;
  
  disabling said DPPEM devices write protection;
  
  writing any display Plug and Play data into said first DPPEM device;
  
  repeating previous step until controller function has completed writing n DPPEM device;
  
  enabling all n DPPEM devices write-protection;
  
  switching all n DPPEM devices to coupled hosts;
  
  receiving user selection of selectable host to selectable display;
  
  checking by controller function if DPPEM at user selectable host port is programmed with user selectable display Plug and Play data;
  
  if not controller function performs the next five steps, andif yes controller function skips the next five steps;
  
  controller function switching user selectable host port DPPEM device from host to controller function;
  
  controller function disabling user selectable host port DPPEM device write-protection;
  
  controller function writing selectable display Plug and Play information into user selectable host port DPPEM device;
  
  controller function disabling user selectable host port DPPEM device write-protection;
  
  controller function switching user selectable host port DPPEM device from controller function back to user selectable host port;
  
  controller function switching user selectable display to user selectable host;
  
  receiving user selection of display to enable selected host to interact with user mouse and keyboard;
  
  controller switching user mouse and keyboard to selectable host; and
  
  ,repeating last ten steps for every user'"'"'s selectable display and host.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 4. The method of claim 3, wherein each said DPPEM is coupled to a mode select switch logic to enable selection between at least one of the hosts and the switching matrix;
    - orsaid controller function mode select.
  - 5. The method of claim 4, wherein all said mode select switch logic for all said DPPEM are electrically tied together to assure synchronous operation.
  - 6. The method of claim 3, wherein said DPPEM is write-protected when DPPEM is switched to one of:
    - said hosts or said switching matrix.
  - 7. The method of claim 6, wherein said DPPEM is further write-protected when controller function is reading said display plug and play data from said display.
  - 8. The method of claim 6, wherein circuitry in said secure KVM assures that when DPPEM is switched to hosts it is write-protected and isolated from to the controller function.
  - 9. The method of claim 5, wherein said assurance is achieved through a single controller function output that controls the said DPPEM mode select switch logic and the said DPPEM write-protection.
  - 10. The method of claim 3, wherein circuitry in said secure KVM electrically isolates said controller from display when controller function is writing said display Plug and Play data into said DPPEM.
  - 11. The method of claim 10 wherein said electrical isolation of display is achieved by driving isolation circuitry from a single controller function output that controls the said DPPEM mode select switch logic and the said DPPEM write-protection.
  - 12. The method of claim 10, wherein said electrical isolation of display Plug and Play is achieved by driving isolation circuitry from a single controller function output that controls the said DPPEM mode select switch logic and the said DPPEM write-protection.
  - 13. The method of claim 3, wherein all DPPEM are coupled to the said controller function through a selector switch logic controlled by the said controller function to enable all DPPEM to be coupled to a single controller function bus.
  - 14. The method of claim 13, wherein said selector switch logic is controlled by the same secure KVM channel selection lines that control video and peripheral channel selection.
  - 15. The method of claim 3, wherein all DPPEM are coupled to the said controller through a single bus and wherein DPPEM address is controlled by said controller function to enable addressed access to each DPPEM.
  - 16. The method of claim 3, wherein while secure KVM is performing said preparation sequence steps, video and peripheral switching are disabled.
  - 17. The method of claim 3, wherein after controller function reading of display Plug and Play data, and prior to writing it into the DPPEM, said controller function checks the validity of the data and stops if data found invalid.

18-30. -30. (canceled)

31. A secure KVM device for supporting a plurality of n host computers isolation while providing:
- m user displays, user peripheral devices, a keyboard, and a mouse comprising;
  
  a controller function;
  
  m Display Plug and Play Emulated Memory (DPPEM) devices assigned to each one of n hosts;
  
  a switching matrix capable of enabling connection of said m DPPEM devices to each one of n hosts; and
  
  a circuitry capable of switching said m×
  
  n DPPEM devices from said controller function to switching matrix,wherein said secure KVM device performs a method comprising the steps of;
  
  a) reading display Plug and Play data from a first display by the said controller function;
  
  b) repeating step a until controller function has completed reading m displays Plug and Play data;
  
  c) switching all said DPPEM devices from said switching matrix to said controller function;
  
  d) disabling said DPPEM devices write protection;
  
  e) writing said first display Plug and Play data into said first host first display DPPEM device;
  
  f) repeating step e for other said display Plug and Plays until writing all m display DPPEM device of first host;
  
  g) repeating steps e and f for all n hosts DPPEM;
  
  h) enabling all DPPEM devices write protection;
  
  i) switching all said DPPEM devices to said switching matrix;
  
  j) switching first display to first user selected host;
  
  k) switching said switching matrix to connect first user selected host to first display DPPEM device;
  
  l) repeating steps j and k for all said m display;
  
  and,m) switching said user peripheral devices to user selected host.

32. A secure KVM device for supporting a plurality of n host computers isolation while providing:
- m user displays, user peripheral devices, a keyboard, and a mouse comprising;
  
  a controller function;
  
  m Display Plug and Play Emulated Memory (DPPEM) devices assigned to each one of n hosts;
  
  a switching matrix capable of enabling connection of said m DPPEM devices to each one of n hosts; and
  
  a circuitry capable of switching said m×
  
  n DPPEM devices from said controller function to switching matrix,wherein said secure KVM device performs a method comprising the steps of;
  
  reading display Plug and Play data from first said display by the said controller function;
  
  switching all said DPPEM devices from said switching matrix to said controller function and disabling all DPPEM write protection;
  
  writing said first display Plug and Play data into said first host first display DPPEM device;
  
  repeating previous step for all n hosts DPPEM devices;
  
  repeating previous four steps until completed writing m display x n host DPPEM devices;
  
  switching all said DPPEM devices to said switching matrix isolating it from controller function;
  
  enabling all said DPPEM write protection;
  
  switching first display to first user selectable host;
  
  switching said switching matrix to connect first user selectable host to first display DPPEM device;
  
  repeating last two steps until m display.and,switching said user peripheral devices to user selectable host from above user selectable hosts.

33-42. -42. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
High Sec Labs Ltd
Original Assignee
High Sec Labs Ltd
Inventors
Soffer, Aviv

Granted Patent

US 9,501,157 B2
Time in Patent Office

Days
Field of Search
US Class Current

345/163
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/85   interconnection devices, e....

G06F 3/023   Arrangements for converting...

G06F 3/14   Digital output to display d...

G09G 2358/00   Arrangements for display da...

G09G 2370/047   using display data channel ...

G09G 2370/24   Keyboard-Video-Mouse [KVM] ...

SECURE KVM SYSTEM HAVING MULTIPLE EMULATED EDID FUNCTIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE KVM SYSTEM HAVING MULTIPLE EMULATED EDID FUNCTIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links