Secure KVM system having multiple emulated EDID functions
First Claim
1. A method for interacting with a plurality of host computers while maintaining isolation of the plurality of host computers, the method comprising:
providing a secure Keyboard Video Mouse (KVM) device;
connecting at least a first user display, a user keyboard and a user mouse to the secure KVM device;
assigning a Display Plug and Play Emulated Memory (DPPEM) device within the secure KVM for each of the plurality of host computers;
performing a preparation sequence comprising the steps of;
a) reading display Plug and Play data from the first user display by a controller function in the secure KVM device;
b) switching the DPPEM device in the secure KVM device to connect to said controller function;
c) writing display Plug and Play data into said DPPEM device by said controller function;
d) switching said DPPEM device from said controller function to a corresponding one of the plurality of host computers to which said DPPEM device was assigned, to enable the assigned host computer reading of said written display Plug and Play data from said DPPEM devices;
entering normal mode, wherein said normal mode comprises the step of;
e) waiting for user selection of a host channel;
coupling a selected host computer to said first user display, said user keyboard, and said user mouse when said user selection is detected;
returning to step e),
f) checking by said controller function to determine if a user selected DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), and
B) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
i) switching the user selected DPPEM device from a corresponding one of the plurality of host computers to said controller function;
ii) disabling write protection in said user selected DPPEM device;
iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
iv) write protecting the user selected DPPEM device;
v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
wherein mutual isolation of each of the plurality of host computers is maintained at all times.
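The check in step f) and the re-programming steps i) to v) can be modelled as a small state machine. This is an added example, not code from the patent: the struct and function names are hypothetical, the 128-byte record length is an assumption, and `prepare` applies write protection before hand-over even though steps a) to d) of this claim do not state it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define PNP_LEN 128                      /* assumed length of one Plug and Play record */
enum route { TO_CONTROLLER, TO_HOST };   /* position of the per-DPPEM switch */
struct dppem { enum route route; bool write_protected; uint8_t data[PNP_LEN]; };

/* Controller write: only when switched to the controller and unprotected. */
int controller_write(struct dppem *d, const uint8_t *pnp) {
    if (d->route != TO_CONTROLLER || d->write_protected) return -1;
    memcpy(d->data, pnp, PNP_LEN);
    return 0;
}

/* Host write attempt: refused unless the host side is attached and unprotected. */
int host_write(struct dppem *d, const uint8_t *pnp) {
    if (d->route != TO_HOST || d->write_protected) return -1;
    memcpy(d->data, pnp, PNP_LEN);
    return 0;
}

/* Preparation steps b) to d); the write-protect step is an assumption (see lead-in). */
void prepare(struct dppem *d, const uint8_t *pnp) {
    d->route = TO_CONTROLLER;
    d->write_protected = false;
    controller_write(d, pnp);
    d->write_protected = true;
    d->route = TO_HOST;
}

/* Step f): 0 = already programmed (branch B), 1 = steps i) to v) ran, -1 = write failed.
   Simplification: the model compares the stored record directly. */
int select_display(struct dppem *d, const uint8_t *pnp) {
    if (memcmp(d->data, pnp, PNP_LEN) == 0) return 0;  /* B) skip i) to v) */
    d->route = TO_CONTROLLER;                          /* i)   */
    d->write_protected = false;                        /* ii)  */
    int rc = controller_write(d, pnp);                 /* iii) */
    d->write_protected = true;                         /* iv)  */
    d->route = TO_HOST;                                /* v)   */
    return rc == 0 ? 1 : -1;
}

/* Invariant whenever a host is attached: the memory is read-only to that host. */
bool host_side_locked(const struct dppem *d) { return d->route == TO_HOST && d->write_protected; }

int main(void) {
    struct dppem d;
    uint8_t a[PNP_LEN] = {1}, b[PNP_LEN] = {2};        /* constructed sample records */
    prepare(&d, a);
    return (select_display(&d, b) == 1 && host_write(&d, a) == -1 && host_side_locked(&d)) ? 0 : 1;
}
```
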
Abstract
The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.
19 Claims
2. A method for interacting with a plurality of host computers while maintaining isolation of the plurality of host computers, the method comprising:
providing a secure Keyboard Video Mouse (KVM) device;
connecting at least a first user display and a second display, a user keyboard and a user mouse to said secure KVM device;
connecting the plurality of host computers to said secure KVM device;
assigning a first and a second Display Plug and Play Emulated Memory (DPPEM) device within the secure KVM for each of said plurality of host computers;
performing a system preparation sequence comprising the steps of;
a) reading first display Plug and Play data from said first user display by a controller function within said secure KVM device;
b) reading second display Plug and Play data from said second user display by said controller function;
c) switching said first and second DPPEM device in the secure KVM device to connect to said controller function;
d) writing said first display Plug and Play data into each of said first DPPEM device of a corresponding host video port;
e) writing said second display Plug and Play data into said second DPPEM device of the corresponding host video port;
f) switching said first and second DPPEM devices from said controller function to said corresponding host video port to enable a corresponding one of the plurality of host computers to read said written display Plug and Play data;
entering normal mode comprising repeating the steps of;
g) waiting for user selection of one of said plurality of host computers to be coupled to said first user display or said second user display;
h) when detecting a user selection, coupling the selected one of said plurality of host computer to the DPPEM devices of the selected host computer, and to a selected user display;
returning to step g),
f) checking by said controller function to determine if a user selected DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), and
B) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
i) switching the user selected DPPEM device from a corresponding one of the plurality of host computers to said controller function;
ii) disabling write protection in said user selected DPPEM device;
iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
iv) write protecting the user selected DPPEM device;
v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
wherein mutual isolation of each of the plurality of host computers is maintained at all times.
3. A method for coupling n host computers to m user displays, while maintaining isolation of the n host computers comprising:
providing a secure Keyboard Video Mouse (KVM) device and performing the following steps;
a) connecting the secure KVM device to m user displays, n host computers, a user keyboard and a user mouse;
b) reading m display Plug and Play data from one of said m user displays by a controller function within the secure KVM device;
c) repeating step b) until said controller function has completed reading all of the m display Plug and Play data from all of the m displays;
d) switching n DPPEM devices within said secure KVM device to said controller function;
e) disabling write protection in said n DPPEM devices;
f) writing display Plug and Play data into one of said n DPPEM devices;
g) repeating step f) until said controller function has completed writing display Plug and Play data into all of the n DPPEM devices;
h) enabling write protection in all said n DPPEM devices;
i) switching said n DPPEM devices to said m host computers;
j) receiving user selection of a selected host computer to be coupled to a selectable display;
k) checking by said controller function to determine if one of the n DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
A) if said one of the n DPPEM devices is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), and
B) if said one of the n DPPEM devices is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
i) switching a user selected DPPEM device from a corresponding one of the n host computers to said controller function;
ii) disabling write protection in said a user selected DPPEM device;
iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
iv) write protecting the user selected DPPEM device;
v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
l) switching the user selected display to the user selected host computer;
m) receiving user selection of an active display to enable a corresponding host coupled to said user selected active display to interact with said user mouse and said user keyboard;
n) switching said user mouse and said user keyboard to said user selected host computer; and,
o) returning to step j),
wherein mutual isolation of each of the plurality of host computers is maintained at all times.
Dependent claims: 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A secure Keyboard Video Mouse (KVM) device for supporting n mutually isolated host computers, m user displays, a keyboard, and a mouse, the KVM device comprising:
a controller function;
m×n Display Plug and Play Emulated Memory (DPPEM) devices, wherein m DPPEM devices are assigned to each one of n host computers;
a switching matrix configured to enable connection of said m DPPEM devices to each one of the n host computers; and
a circuitry configured to switch said m×n DPPEM devices from said controller function to the switching matrix,
wherein the secure KVM device is configured to;
a) reading display Plug and Play data from a first display by said controller function;
b) repeat step a) until said controller function has completed reading all m displays Plug and Play data from all said m user displays;
c) switch all said m×n DPPEM devices from said switching matrix to said controller function;
d) disable write protection of said m×n DPPEM devices;
e) write first display Plug and Play data into a corresponding one of said m DPPEM device assigned to a first host computer;
f) repeat step e) for other one of said display Plug and Play data until writing all the m display DPPEM devices associated with the first host computer, each with data associated with a corresponding display;
g) repeat steps e) and f) for all of the m DPPEM devices associated with the n host computers;
h) enable all m DPPEM devices write protection;
i) switch all said m DPPEM devices to said switching matrix;
j) switch a first display to a first user selected host computer;
k) switch said switching matrix to connect the first user selected host computer to a first DPPEM device;
l) repeat step j) and k) for all of said m displays; and
L1) checking by said controller function to determine if a user selected DPPEM device coupled to a user selected host computer is programmed with a user selected display Plug and Play data;
A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), and
B) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
i) switching the user selected DPPEM device from a corresponding one of n host computers to said controller function;
ii) disabling write protection in said user selected DPPEM device;
iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
iv) write protecting the user selected DPPEM device;
v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
m) switch a user peripheral devices to the first user selected host computer,
wherein mutual isolation of each of the host computers is maintained at all times.
19. A secure Keyboard Video Mouse (KVM) device for supporting n mutually isolated host computers, m user displays, a keyboard, and a mouse, the KVM device comprising:
a controller function;
m×n Display Plug and Play Emulated Memory (DPPEM) devices, wherein m DPPEM devices are assigned to each one of the n host computers;
a switching matrix configured to enable connecting said m×n DPPEM devices to each one of the n host computers; and
a circuitry configured to switch switching said m×n DPPEM devices from said controller function to said switching matrix,
wherein said secure KVM device is configured to;
read m display Plug and Play data from said m user displays by the said controller function;
write by said controller function said m display Plug and Play data, each into a corresponding DPPEM device associated with one of said n host computers while said corresponding DPPEM device is write enabled;
switch all said DPPEM devices to said switching matrix and isolating said switching matrix from said controller function;
enable write protection of all of said DPPEM devices;
receive user selection desired coupling of host computers to corresponding user selected displays;
switch said switching matrix to connect each user selected coupled host computers to the corresponding user selected display, and each of said user selected host computers to a DPPEM device assigned to said each user selected host computers which has been written with said display Plug and Play data of the corresponding user selected display; and
L1) checking by said controller function to determine if a user selected DPPEM device coupled to a user selected host computer is programmed with a user selected display Plug and Play data;
A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), and
B) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
i) switching the user selected DPPEM device from a corresponding one of n host computers to said controller function;
ii) disabling write protection in said user selected DPPEM device;
iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
iv) write protecting the user selected DPPEM device;
v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
switch user peripheral devices to the user selected host computers,
wherein mutual isolation of each of the host computers is maintained at all times.
Specification