A computing system, a secure peripheral sharing device, a remote console subsystem and a method for operating a remote console over a secure peripheral sharing device are disclosed. The computing system comprises a plurality of hosts; a console comprising at least a keyboard, a mouse and a display; a secure peripheral sharing device; and a remote console subsystem comprising at least another keyboard, another mouse and another display. The secure peripheral sharing device is configured to be connected to the console and the plurality of hosts, the peripheral sharing device is configured to be coupled to the remote console subsystem that is located away from the peripheral sharing device, and the secure peripheral sharing device is configured to connect or couple between either the console or the remote console subsystem and an active host of the plurality of hosts.
G06F 3/02 - Input arrangements using manually operated switches, e.g. keyboards or dials
G06F 13/10 - Program control for peripheral devices
G06F 21/83 - Protection of data input, data display or interconnection devices - data input devices, e.g. keyboards, mice or controls of said keyboards or mice
2.
METHOD AND APPARATUS FOR SECURING POWER DELIVERY SIDE CHANNEL
A method, security agents, devices and medium for securing devices using combined power data (CPD) protocols that support power delivery side channels. The method/devices/medium comprise one or more security agents that perform at least one of or any combination of: monitoring the signaling and power on the power delivery pins; analyzing the power delivery protocol traffic to detect cyber-security events; detecting malicious activity on the power delivery protocol; filtering or blocking specific types of packets or messages with specific data payloads; enforcing unidirectional data flow on the power delivery protocol; logging, auditing and archiving events on the power delivery protocol; locking or disconnecting suspicious devices; preventing activation of some power delivery modes; disabling firmware updates through the power delivery protocol; enabling firmware updates through the power delivery protocol only in the presence or with a confirmation of a setup device; and allowing passage of only specific types of packets or messages with specific data payloads.
G06F 21/00 - Security arrangements for protecting computers, their components, programs or data against unauthorised activity
G06F 11/00 - Error detection; Error correction; Operation monitoring
G06F 12/14 - Protection against unauthorised use of memory
G06F 21/34 - User authentication involving the use of additional external devices, e.g. electronic keys or smart cards
3.
SYSTEM AND METHOD FOR SECURE COPY-AND-PASTE OPERATIONS BETWEEN HOSTS THROUGH A PERIPHERAL SHARING DEVICE
A peripheral sharing device for supporting secure copy-paste operations between hosts comprising: a plurality of copy emulators and a plurality of paste emulators, each configured to be connected to a copy-paste driver, wherein each copy-paste driver is running on one of a plurality of hosts that are connected to the peripheral sharing device, and the copy-paste driver is configured to fetch or store clipboard objects from the clipboard of the corresponding host; and a security bridge that is configured to securely pass clipboard objects between pairs of copy emulator and paste emulator. The security bridge performs security operations, such as: enforcing unidirectional data transfer of the clipboard object; monitoring the clipboard object and enabling or disabling the copy-paste operation according to a set of security rules; enabling or disabling the copy-paste operation according to security policy; analyzing clipboard object traffic to detect cybersecurity events; locking suspicious peripheral sharing devices; and preventing clipboard object transfer between pairs of copy-paste controllers according to security rules. The copy emulator receives the clipboard object from the copy-paste driver of a first host and transfers the clipboard object to the security bridge, and, conditioned upon passing the security conditions, the security bridge transfers the clipboard object to the paste emulator, which further passes the clipboard object to a second computer's copy-paste driver.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or shutdowns, version tracking, system software checks, secure updates or vulnerability assessment
G06F 21/00 - Security arrangements for protecting computers, their components, programs or data against unauthorised activity
A modular keyboard video and mouse (KVM) switching system comprises a core KVM switch module, one or more console peripheral interface modules (CPIM) and one or more host computer interface modules (HIM). The CPIM interfaces console peripheral devices to the core KVM switch module and the HIM interfaces host computer to the core KVM switch module. Changing of console peripheral devices or host computer involves adapting a corresponding CPIM or HIM without changing the core KVM switch module.
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard-generated codes as alphanumeric codes, operand codes or instruction codes
G06F 3/038 - Control and interface arrangements therefor, e.g. driver circuits or control circuits incorporated in the device
5.
SYSTEM AND METHOD FOR DETECTION AND PREVENTION OF CYBER ATTACKS AT IN-VEHICLE NETWORKS
A cyber security system for in-vehicle networks comprises a plurality of electronic control units (ECUs) communicating via a vehicle bus. The system comprises a plurality of bus security units (BSUs), wherein each BSU is configured to be connected between the vehicle bus and one of the ECUs, and the BSUs communicating via a security bus separate from the vehicle bus. Each BSU is configured to monitor the activity of the corresponding ECU, on the vehicle bus, send the monitored activity to another BSU on the security bus and detect abnormal communication on the vehicle bus.
G06F 21/00 - Security arrangements for protecting computers, their components, programs or data against unauthorised activity
A method for securing an off-the-shelf smartphone, a secure communication system, and a security insert are provided. The method comprises removing the battery from the off-the-shelf smartphone and inserting the security insert into the battery compartment. The security insert comprises a cryptographic module. The method further comprises modifying the off-the-shelf smartphone and providing a power and data connection between the security insert and the smartphone. The secure communication system wirelessly transmits outgoing cellular encrypted black data, which is encrypted by the cryptographic module, from the modified off-the-shelf smartphone to a cellular network, and decrypts, by the cryptographic module, incoming cellular black data received from the cellular network by the modified off-the-shelf smartphone. The security insert enclosure is configured to be deployed in a battery compartment.
H04M 1/72409 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase functionality by interfacing with external accessories
A system incorporating a smartphone comprising a smartphone and an add-on device coupled to each other via a combined data/power interface, wherein the smartphone comprises a rechargeable battery connected to battery protection circuitry and the add-on device optionally comprises a rechargeable battery connected to battery protection circuitry as well. The combined data/power interface comprises: one or more data pins for transferring data between the smartphone and the add-on device; one or more regulated power delivery pins; and one or more protected-battery power delivery pins, wherein the regulated power delivery pins are used to charge the battery of the smartphone from an external charger coupled to the add-on device, the batteries are connected to the battery protection circuitries that are configured to protect the battery by cutting off or limiting the current or voltage on the battery electrodes, and the protected-battery power delivery pins are connected to the battery protection circuitries of the smartphone or add-on device. The following power delivery paths are enabled: (1) the add-on device is powered by the battery of the smartphone through the protected-battery power delivery pins that are connected to the output of the battery protection circuitry of the smartphone, (2) the smartphone is powered by the battery of the add-on device through the protected-battery power delivery pins that are connected to the output of the battery protection circuitry of the add-on device, and (3) the batteries charge each other through the protected-battery power delivery pins that are connected to the output of the battery protection circuitries of the smartphone and add-on devices.
A secure audio switch comprising: a plurality of host computer interfaces, each for interfacing the secure audio switch with a corresponding host computer, for receiving audio signals from said corresponding host computer; a user audio interface, for interfacing the secure audio switch with at least one user audio device, wherein said at least one user audio device comprises at least one of a speaker or an earphone; an Audio Output Channel (AOC), coupled to said user audio interface comprises audio security device to reduce data leak by intentionally reducing data rate capable of flowing through said AOC to a maximum rate comparable to the minimal rate required for reproducing human speech, and forcing audio data flow only in the direction to said user audio interface; a monitor and control unit, for receiving user's selection of a selected one of said plurality of host computer to be interfaced with said user audio interface, and indicating to the user which of said hosts is currently selected to be interfaced with said user audio interface; and an audio MUX, receiving user selection of the host selected to be interfaced with said user audio interface from said monitor and control unit, and in response, coupling only said selected host computer interface to said AOC.
G10L 19/02 - Speech or audio signal analysis or synthesis techniques for redundancy reduction, e.g. in vocoders; Coding or decoding of speech or audio signals using source-filter models or psychoacoustic analysis using spectral analysis, e.g. transform vocoders or subband vocoders
A secure cellular communication system comprises a modified smartphone mated with a security pack. A Cryptographic module within the security pack encrypts all cellular outgoing data and decrypts cellular incoming data. The modified smartphone is modified to route all cellular outgoing data and incoming data via the Cryptographic module within the security pack. The cellular MODEM may reside within the security pack while the phone's cellular MODEM is disabled, or the phone's cellular MODEM may be used.
H04B 1/3888 - Arrangements for carrying or protecting transceivers
H04W 4/80 - Services using short-range communication, e.g. near-field communication, radio-frequency identification or low-energy communication
H04M 1/19 - Arrangements of microphones, earpieces, or complete sets to prevent eavesdropping, to attenuate noise or to prevent undesired transmission; Mouthpieces or earpieces specially adapted therefor
H04B 1/38 - TRANSMISSION - Details of transmission systems not characterised by the medium used for transmission - Transceivers, i.e. devices in which the transmitter and the receiver form a structural unit and in which at least one part is used for transmitting and receiving functions
H04M 1/02 - Constructional features of telephone sets
G06F 21/45 - Structures or tools for the administration of authentication
A portable computer providing a high level of security comprises two completely logically and electrically isolated computer modules within one tamper-resistant enclosure. One computer module is for Higher-Security applications (higher-security is referred to as "red") and the other is for Lower-Security applications such as email and internet (lower-security is referred to as "black"). The two modules are coupled together to a secure Peripheral Sharing Switch that enables intuitive user interaction while minimizing the security risk resulting from sharing the same peripheral device.
G06F 21/70 - Protection of specific internal or peripheral components, where the protection of a component leads to the protection of the whole computer
G06F 21/71 - Protection of specific internal or peripheral components, where the protection of a component leads to the protection of the whole computer - to ensure the security of computing or information processing
G06F 21/82 - Protection of data input, data display or interconnection devices
G06F 21/84 - Protection of data input, data display or interconnection devices - display devices, e.g. screens or monitors
G06F 21/74 - Protection of specific internal or peripheral components, where the protection of a component leads to the protection of the whole computer - to ensure the security of computing or information processing - operating in dual or compartmented mode, i.e. with at least one secure mode
G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or processing units
G06F 13/10 - Program control for peripheral devices
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authorisation of a user of the system
A method for securing a KVM Matrix system by inserting a plurality of input security isolators, each of the input security isolators is placed between a host computer and matrix host adapter of the KVM matrix system to enforce security data flow policy that is applicable for the corresponding host computer. Additionally, a security isolator is placed between peripheral devices and a matrix console adapter to enforce security data flow policy that is applicable for the corresponding peripheral devices.
G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or processing units
G06F 13/10 - Program control for peripheral devices
G06F 13/38 - Information transfer, e.g. on a bus
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from the processing unit to the output unit, e.g. interface arrangements
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard-generated codes as alphanumeric codes, operand codes or instruction codes
G06F 21/82 - Protection of data input, data display or interconnection devices
G06F 21/85 - Protection of data input, data display or interconnection devices - interconnection devices, e.g. bus-connected or in-line devices
G06F 21/70 - Protection of specific internal or peripheral components, where the protection of a component leads to the protection of the whole computer
G06F 21/71 - Protection of specific internal or peripheral components, where the protection of a component leads to the protection of the whole computer - to ensure the security of computing or information processing
G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
12.
METHOD AND APPARATUS FOR SECURING VOICE OVER IP TELEPHONE DEVICE
A security implant device and a method of operation of the security implant, for securing a Voice over IP (VoIP) phone. The implant device disables audio input and output components of the VoIP phone in order to prevent audio eavesdropping.
A meeting room power and multi-media center device having one or more wired or wirelessly connected displays or projectors selectively connected to one or more plurality of connected computers. The device provides user indications of qualified input video signals and enables remote control through wirelessly connected remote controller device. The device also provides AC power jacks and USB power jacks to power and charge various portable devices. Another embodiment of the current invention provides similar device further having video processing function to display multiple video sources simultaneously on one or more displays or projectors.
A serial protocol based Docking device having a single set of user peripherals supports multiple removable host computers having different video output types and different operating systems. The device provides a mouse tracking function that switches the keyboard and mouse to the different host computers when the cursor is moved by the user across the respective display boundary. The docking device provides file-sharing and cut-and-paste functions across the different docked host computers. Laptops, tabletops as well as Smartphones, tablets and other forms of portable platforms are supported. Dragging an item from a display designated to a first host computer to a display designated to a second host computer performs moving or copying the item from the first host to the second host.
Single Optical Fiber KVM (Keyboard Video Mouse) systems are provided that comprise two subsystems: an electro-optical transmitter subsystem and an electro-optical receiver subsystem. The single optical fiber KVM is configured to support all required bi-directional communications.
A system enabling a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. The system enables one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to multiple physical user displays of the particular installation. The system may be used to enable a computer user having multiple isolated computers, each with one or more coupled displays, to automatically switch a single set of keyboard, mouse and other peripheral devices between the different computers. As isolated computers may have different security levels, the method and apparatus of the present invention prevent any potential data leakages between computers and coupled networks.
A secure motherboard for a computer, wherein each user-accessible peripheral port is protected by hardware-based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforces unidirectional data flow only from the user input devices to the computer. The display port uses a security function which isolates the EDID in the display from the computer. An authentication device such as a smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.
G06F 21/34 - User authentication involving the use of additional external devices, e.g. electronic keys or smart cards
G06F 21/83 - Protection of data input, data display or interconnection devices - data input devices, e.g. keyboards, mice or controls of said keyboards or mice
G06F 21/84 - Protection of data input, data display or interconnection devices - display devices, e.g. screens or monitors
G06F 21/85 - Protection of data input, data display or interconnection devices - interconnection devices, e.g. bus-connected or in-line devices
G06F 3/14 - Digital output to a display device
18.
SECURE KVM SYSTEM HAVING REMOTE CONTROLLER-INDICATOR
As KVMs (Keyboard Video Mouse) may be abused by attackers to bridge or leak between isolated networks, a Secure KVM is typically used, having isolated circuitry for each computer channel to reduce its vulnerability to leakages between channels. To enable remote installation of a KVM with isolated computers, a remote Controller-Indicator is needed in order to present to the user the KVM front panel indications and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions. Another object of the present invention is to provide a KVM switch having secure remote extension of the complete user console with support of: remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring.
G06F 21/04 - by protecting specific peripheral devices, e.g. keyboards or display devices
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard-generated codes as alphanumeric codes, operand codes or instruction codes
19.
SECURE KVM SYSTEM HAVING MULTIPLE EMULATED EDID FUNCTIONS
The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.
G06F 21/83 - Protection of data input, data display or interconnection devices - data input devices, e.g. keyboards, mice or controls of said keyboards or mice
G06F 21/85 - Protection of data input, data display or interconnection devices - interconnection devices, e.g. bus-connected or in-line devices