Secure KVM system having multiple emulated EDID functions

US 9,501,157 B2
Filed: 11/10/2010
Issued: 11/22/2016
Est. Priority Date: 11/10/2009
Status: Active Grant

- Alert
- Pin

Associated Case

Associated Defendants

First Claim

Patent Images

1. A method for interacting with a plurality of host computers while maintaining isolation of the plurality of host computers, the method comprising:

providing a secure Keyboard Video Mouse (KVM) device;

connecting at least a first user display, a user keyboard and a user mouse to the secure KVM device;

assigning a Display Plug and Play Emulated Memory (DPPEM) device within the secure KVM for each of the plurality of host computers;

performing a preparation sequence comprising the steps of;

a) reading display Plug and Play data from the first user display by a controller function in the secure KVM device;

b) switching the DPPEM device in the secure KVM device to connect to said controller function;

c) writing display Plug and Play data into said DPPEM device by said controller function;

d) switching said DPPEM device from said controller function to a corresponding one of the plurality of host computers to which said DPPEM device was assigned, to enable the assigned host computer reading of said written display Plug and Play data from said DPPEM devices;

entering normal mode, wherein said normal mode comprises the step of;

e) waiting for user selection of a host channel;

coupling a selected host computer to said first user display, said user keyboard, and said user mouse when said user selection is detected;

returning to step e),f) checking by said controller function to determine if a user selected DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;

A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);

i) switching the user selected DPPEM device from a corresponding one of the plurality of host computers to said controller function;

ii) disabling write protection in said user selected DPPEM device;

iii) writing the user selected display Plug and Play data into said user selected DPPEM device;

iv) write protecting the user selected DPPEM device;

v) switching the user selected DPPEM device from said controller function back to the user selected host computer;

wherein mutual isolation of each of the plurality of host computers is maintained at all times.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.

17 Citations

View as Search Results

19 Claims

1. A method for interacting with a plurality of host computers while maintaining isolation of the plurality of host computers, the method comprising:
- providing a secure Keyboard Video Mouse (KVM) device;
  
  connecting at least a first user display, a user keyboard and a user mouse to the secure KVM device;
  
  assigning a Display Plug and Play Emulated Memory (DPPEM) device within the secure KVM for each of the plurality of host computers;
  
  performing a preparation sequence comprising the steps of;
  
  a) reading display Plug and Play data from the first user display by a controller function in the secure KVM device;
  
  b) switching the DPPEM device in the secure KVM device to connect to said controller function;
  
  c) writing display Plug and Play data into said DPPEM device by said controller function;
  
  d) switching said DPPEM device from said controller function to a corresponding one of the plurality of host computers to which said DPPEM device was assigned, to enable the assigned host computer reading of said written display Plug and Play data from said DPPEM devices;
  
  entering normal mode, wherein said normal mode comprises the step of;
  
  e) waiting for user selection of a host channel;
  
  coupling a selected host computer to said first user display, said user keyboard, and said user mouse when said user selection is detected;
  
  returning to step e),f) checking by said controller function to determine if a user selected DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
  
  A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
  
  i) switching the user selected DPPEM device from a corresponding one of the plurality of host computers to said controller function;
  
  ii) disabling write protection in said user selected DPPEM device;
  
  iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
  
  iv) write protecting the user selected DPPEM device;
  
  v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
  
  wherein mutual isolation of each of the plurality of host computers is maintained at all times.

2. A method for interacting with a plurality of host computers while maintaining isolation of the plurality of host computers, the method comprising:
- providing a secure Keyboard Video Mouse (KVM) device;
  
  connecting at least a first user display and a second display, a user keyboard and a user mouse to said secure KVM device;
  
  connecting the plurality of host computers to said secure KVM device;
  
  assigning a first and a second Display Plug and Play Emulated Memory (DPPEM) device within the secure KVM for each of said plurality of host computers;
  
  performing a system preparation sequence comprising the steps of;
  
  a) reading first display Plug and Play data from said first user display by a controller function within said secure KVM device;
  
  b) reading second display Plug and Play data from said second user display by said controller function;
  
  c) switching said first and second DPPEM device in the secure KVM device to connect to said controller function;
  
  d) writing said first display Plug and Play data into each of said first DPPEM device of a corresponding host video port;
  
  e) writing said second display Plug and Play data into said second DPPEM device of the corresponding host video port;
  
  f) switching said first and second DPPEM devices from said controller function to said corresponding host video port to enable a corresponding one of the plurality of host computers to read said written display Plug and Play data;
  
  entering normal mode comprising repeating the steps of;
  
  g) waiting for user selection of one of said plurality of host computers to be coupled to said first user display or said second user display;
  
  h) when detecting a user selection, coupling the selected one of said plurality of host computer to the DPPEM devices of the selected host computer, and to a selected user display;
  
  returning to step g),f) checking by said controller function to determine if a user selected DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
  
  A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
  
  i) switching the user selected DPPEM device from a corresponding one of the plurality of host computers to said controller function;
  
  ii) disabling write protection in said user selected DPPEM device;
  
  iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
  
  iv) write protecting the user selected DPPEM device;
  
  v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
  
  wherein mutual isolation of each of the plurality of host computers is maintained at all times.

3. A method for coupling n host computers to m user displays, while maintaining isolation of the n host computers comprising:
- providing a secure Keyboard Video Mouse (KVM) device and performing the following steps;
  
  a) connecting the secure KVM device to m user displays, n host computers, a user keyboard and a user mouse;
  
  b) reading m display Plug and Play data from one of said m user displays by a controller function within the secure KVM device;
  
  c) repeating step b) until said controller function has completed reading all of the m display Plug and Play data from all of the m displays;
  
  d) switching n DPPEM devices within said secure KVM device to said controller function;
  
  e) disabling write protection in said n DPPEM devices;
  
  f) writing display Plug and Play data into one of said n DPPEM devices;
  
  g) repeating step f) until said controller function has completed writing display Plug and Play data into all of the n DPPEM devices;
  
  h) enabling write protection in all said n DPPEM devices;
  
  i) switching said n DPPEM devices to said m host computers;
  
  j) receiving user selection of a selected host computer to be coupled to a selectable display;
  
  k) checking by said controller function to determine if one of the n DPPEM device coupled to the user selected host computer is programmed with a user selected display Plug and Play data;
  
  A) if said one of the n DPPEM devices is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said one of the n DPPEM devices is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
  
  i) switching a user selected DPPEM device from a corresponding one of the n host computers to said controller function;
  
  ii) disabling write protection in said a user selected DPPEM device;
  
  iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
  
  iv) write protecting the user selected DPPEM device;
  
  v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
  
  l) switching the user selected display to the user selected host computer;
  
  m) receiving user selection of an active display to enable a corresponding host coupled to said user selected active display to interact with said user mouse and said user keyboard;
  
  n) switching said user mouse and said user keyboard to said user selected host computer;
  
  and, o) returning to step j),wherein mutual isolation of each of the plurality of host computers is maintained at all times.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 4. The method of claim 3, wherein each of said DPPEM devices is coupled to a mode select switch logic to enable selection between at leastone of the host computers and a switching matrix within said secure KVM device;
    - or said or said controller function mode select.
  - 5. The method of claim 4, wherein said mode select switch logic for all said DPPEM devices are electrically tied together to assure synchronous operation.
  - 6. The method of claim 4, wherein each of said DPPEM devices is write protected when the DPPEM devices switched to one of:
    - said host computers or said switching matrix.
  - 7. The method of claim 6, wherein each of said DPPEM devices is further write-protected when said controller function is reading said display plug and play data from any one of said m user displays.
  - 8. The method of claim 6, wherein circuitry in said secure KVM assures that when a DPPEM device is switched to any one of said n host computers the DPPEM device is write-protected and isolated from said controller function.
  - 9. The method of claim 8, wherein said assurance is achieved through a single controller function output that controls said DPPEM mode select switch logic and write protection of said DPPEM devices.
  - 10. The method of claim 3, wherein circuitry in said secure KVM electrically isolates said controller function from any of said m user displays when said controller function is writing said display Plug and Play data into said DPPEM devices.
  - 11. The method of claim 10 wherein said electrical isolation of said m user displays is achieved by driving isolation circuitry from a single controller function output that controls said DPPEM mode select switch logic and write protection of said DPPEM devices.
  - 12. The method of claim 10, wherein said electrical isolation of said display Plug and Play devices is achieved by driving isolation circuitry from a single controller function output that controls said DPPEM mode select switch logic and write protection of said DPPEM devices.
  - 13. The method of claim 3, wherein all of said DPPEM devices are coupled to said controller function through a selector switch logic controlled by said controller function to enable all of the DPPEM devices to be coupled to a single controller function bus.
  - 14. The method of claim 13, wherein said selector switch logic is controlled by a secure KVM channel selection lines that control video and peripheral channel selection.
  - 15. The method of claim 3, wherein all of said DPPEM are coupled to said controller function through a single bus and wherein a DPPEM address is controlled by said controller function to enable addressed access to each of said DPPEM devices.
  - 16. The method of claim 3, wherein while the secure KVM is performing said preparation sequence steps, video and peripheral switching are disabled.
  - 17. The method of claim 3, wherein after said controller function reading of display Plug and Play data, and prior to writing said display Plug and Play data into one of said DPPEM devices, said controller function checks the validity of the data and stops if data was found invalid.

18. A secure Keyboard Video Mouse (KVM) device for supporting n mutually isolated host computers, m user displays, a keyboard, and a mouse, the KVM device comprising:
- a controller function;
  
  m×
  
  n Display Plug and Play Emulated Memory (DPPEM) devices, wherein m DPPEM devices are assigned to each one of n host computers;
  
  a switching matrix configured to enable connection of said m DPPEM devices to each one of the n host computers; and
  
  a circuitry configured to switch said m×
  
  n DPPEM devices from said controller function to the switching matrix,wherein the secure KVM device is configured to;
  
  a) reading display Plug and Play data from a first display by said controller function;
  
  b) repeat step a) until said controller function has completed reading all m displays Plug and Play data from all said m user displays;
  
  c) switch all said m×
  
  n DPPEM devices from said switching matrix to said controller function;
  
  d) disable write protection of said m×
  
  n DPPEM devices;
  
  e) write first display Plug and Play data into a corresponding one of said m DPPEM device assigned to a first host computer;
  
  f) repeat step e) for other one of said display Plug and Play data until writing all the m display DPPEM devices associated with the first host computer, each with data associated with a corresponding display;
  
  g) repeat steps e) and f) for all of the m DPPEM devices associated with the n host computers;
  
  h) enable all m DPPEM devices write protection;
  
  i) switch all said m DPPEM devices to said switching matrix;
  
  j) switch a first display to a first user selected host computer;
  
  k) switch said switching matrix to connect the first user selected host computer to a first DPPEM device;
  
  l) repeat step j) and k) for all of said m displays; and
  
  ,L1) checking by said controller function to determine if a user selected DPPEM device coupled to a user selected host computer is programmed with a user selected display Plug and Play data;
  
  A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
  
  i) switching the user selected DPPEM device from a corresponding one of n host computers to said controller function;
  
  ii) disabling write protection in said user selected DPPEM device;
  
  iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
  
  iv) write protecting the user selected DPPEM device;
  
  v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
  
  m) switch a user peripheral devices to the first user selected host computer, wherein mutual isolation of each of the host computers is maintained at all times.

19. A secure Keyboard Video Mouse (KVM) device for supporting n mutually isolated host computers, m user displays, a keyboard, and a mouse, the KVM device comprising:
- a controller function;
  
  m×
  
  n Display Plug and Play Emulated Memory (DPPEM) devices, wherein m DPPEM devices are assigned to each one of the n host computers;
  
  a switching matrix configured to enable connecting said m×
  
  n DPPEM devices to each one of the n host computers; and
  
  a circuitry configured to switch switching said m×
  
  n DPPEM devices from said controller function to said switching matrix,wherein said secure KVM device is configured to;
  
  read m display Plug and Play data from said m user displays by the said controller function;
  
  write by said controller function said m display Plug and Play data, each into a corresponding DPPEM device associated with one of said n host computers while said corresponding DPPEM device is write enabled;
  
  switch all said DPPEM devices to said switching matrix and isolating said switching matrix from said controller function;
  
  enable write protection of all of said DPPEM devices;
  
  receive user selection desired coupling of host computers to corresponding user selected displays;
  
  switch said switching matrix to connect each user selected coupled host computers to the corresponding user selected display, and each of said user selected host computers to a DPPEM device assigned to said each user selected host computers which has been written with said display Plug and Play data of the corresponding user selected display; and
  
  L1) checking by said controller function to determine if a user selected DPPEM device coupled to a user selected host computer is programmed with a user selected display Plug and Play data;
  
  A) if said user selected DPPEM device is not programmed with the user selected display Plug and Play data, then said controller function performs the next five steps i) to v), andB) if said user selected DPPEM device is programmed with the user selected display Plug and Play data, then said controller function skips the next five steps i) to v);
  
  i) switching the user selected DPPEM device from a corresponding one of n host computers to said controller function;
  
  ii) disabling write protection in said user selected DPPEM device;
  
  iii) writing the user selected display Plug and Play data into said user selected DPPEM device;
  
  iv) write protecting the user selected DPPEM device;
  
  v) switching the user selected DPPEM device from said controller function back to the user selected host computer;
  
  switch user peripheral devices to the user selected host computers, wherein mutual isolation of each of the host computers is maintained at all times.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
High Sec Labs Ltd
Original Assignee
High Sec Labs Ltd
Inventors
Soffer, Aviv
Primary Examiner(s)
Thangavelu, Kandasamy
Assistant Examiner(s)
Louis, Andre Pierre

Application Number

US13/509,193
Publication Number

US 20130050084A1
Time in Patent Office

2,204 Days
Field of Search

703/21, 703/22, 703/23
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/85   interconnection devices, e....

G06F 3/023   Arrangements for converting...

G06F 3/14   Digital output to display d...

G09G 2358/00   Arrangements for display da...

G09G 2370/047   using display data channel ...

G09G 2370/24   Keyboard-Video-Mouse [KVM] ...

Secure KVM system having multiple emulated EDID functions

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

17 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure KVM system having multiple emulated EDID functions

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links