A peripheral sharing device for supporting secure copy-paste operations between hosts comprising: a plurality of copy-emulators and a plurality of paste emulators, configured cach to be connected to a copy-paste driver, wherein cach copy-paste driver is running on one of a plurality of hosts that are connected to the peripheral sharing device, and the copy-paste driver is configured to fetch or store clipboard objects from the clipboard of the corresponding host, a security bridge that is configured to securely pass clipboard objects between pairs of copy emulator and paste emulator. The security bridge performs security operations, such as, enforce unidirectional data transfer of the clipboard object, monitor the clipboard object and enable or disable the copy-paste operation according to a set of security rules; enable or disable the copy-paste operation according to security policy, analyze clipboard object traffic to detect cybersecurity events, locking suspicious peripheral sharing devices, and preventing clipboard object transfer between pairs of copy-paste controllers according to security rules. The copy emulator receives the clipboard object from the copy-paste driver of a first host, transfer the clipboard object to the security bridge and conditioned upon passing the security conditions the security bridge transfer the clipboard object to the paste emulator that further pass the clipboard object to a second computer's copy-paste driver.
A computing system, a secure peripheral sharing device, a remote console subsystem and a method for operating a remote console over a secure peripheral sharing device is disclosed. The computing system comprising a plurality of hosts; a console comprising at least a keyboard, a mouse and a display; a secure peripheral sharing device; and a remote console subsystem comprising at least another keyboard, another mouse and another display. The secure peripheral sharing device is configured to be connected to the console and the plurality of hosts, the peripheral sharing device is configured to be coupled to the remote console subsystem that is located away from the peripheral sharing device, and the secure peripheral sharing device is configured to connect or couple between either the console or the remote console subsystem and an active host of the plurality of hosts. The peripheral sharing device is configured to switch any one of the plurality of hosts to become the active host. The method receiving requests for open new remote console sessions and upon such request open a remote console session in both the side of the secure peripheral sharing device and the remote console subsystem, and as long as the remote session is active the method performs continuously: receiving video stream from the active host and transferring the video stream to the second display; receiving a keyboard and mouse data from the second keyboard and the second mouse and transferring the keyboard and mouse data to the active host; and upon receiving active host switching commands from a user, switching the active host. The method is receiving requests for close remote console sessions and upon such request close the remote console session and resume working of active host with the console.
A computing system, a secure peripheral sharing device, a remote console subsystem and a method for operating a remote console over a secure peripheral sharing device is disclosed. The computing system comprising a plurality of hosts; a console comprising at least a keyboard, a mouse and a display; a secure peripheral sharing device; and a remote console subsystem comprising at least another keyboard, another mouse and another display. The secure peripheral sharing device is configured to be connected to the console and the plurality of hosts, the peripheral sharing device is configured to be coupled to the remote console subsystem that is located away from the peripheral sharing device, and the secure peripheral sharing device is configured to connect or couple between either the console or the remote console subsystem and an active host of the plurality of hosts.
A modular keyboard video and mouse (KVM) switching system comprises a core KVM switch module, one or more console peripheral interface modules (CPIM) and one or more host computer interface modules (HIM). The CPIM interfaces console peripheral devices to the core KVM switch module and the HIM interfaces host computer to the core KVM switch module Changing of console peripheral devices or host computer involves adapting a corresponding CPIM or HIM without changing the core KVM switch module.
A method, security agents, devices and medium for securing devices using combined power data (CPD) protocols that support power delivery side channels. The method/devices/medium comprise one or more security agents that perform at least one of or any combination of: monitoring the signaling and power on the power delivery pins; analyzing the power delivery protocol traffic to detect cyber-security events; detecting malicious activity on the power delivery protocol; filtering or blocking specific type of packets or messages with specific data payload; enforcing unidirectional data flow on the power delivery protocol; logging, auditing and archiving events on the power delivery protocol; locking or disconnecting suspicious devices; preventing activation of some power delivery modes; disabling firmware updates through power delivery protocol; enabling firmware updates through power delivery protocol only in the presence or with a confirmation of a setup device; and allowing passage of only specific type of packets or messages with specific data payloads.
A peripheral sharing device for supporting secure copy-paste operations between hosts comprising: a plurality of copy-emulators and a plurality of paste emulators, configured each to be connected to a copy-paste driver, wherein each copy-paste driver is running on one of a plurality of hosts that are connected to the peripheral sharing device, and the copy-paste driver is configured to fetch or store clipboard objects from the clipboard of the corresponding host, a security bridge that is configured to securely pass clipboard objects between pairs of copy emulator and paste emulator. The security bridge performs security operations, such as, enforce unidirectional data transfer of the clipboard object, monitor the clipboard object and enable or disable the copy- paste operation according to a set of security rules; enable or disable the copy-paste operation according to security policy, analyze clipboard object traffic to detect cybersecurity events, locking suspicious peripheral sharing devices, and preventing clipboard object transfer between pairs of copy-paste controllers according to security rules. The copy emulator receives the clipboard object from the copy-paste driver of a first host, transfer the clipboard object to the security bridge and conditioned upon passing the security conditions the security bridge transfer the clipboard object to the paste emulator that further pass the clipboard object to a second computer's copy-paste driver.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
7.
Enhanced security apparatus for mediation between console peripheral devices and hosts
A secure mediator for coupling between one or more hosts and one or more consoles comprising one or more peripheral devices. the secure mediator comprises host side ports, each host side port is configured to be connected to a corresponding host, and console side ports, each console side port is configured to be connected to a corresponding peripheral device. The secure mediator comprises: a triggering circuitry; a timing/control circuitry; a setup circuitry; a switching circuitry; and the rest of the mediator circuitries, wherein the triggering circuitry, timing/control circuitry, setup circuitry, and switching circuitry are non-programable circuitries. The mediator has at least two stages: a security setup stage and a normal operation stage. The triggering circuitry is configured to monitor events and to signal these events to the timing/control circuitry in order to trigger a transfer between the security setup stage and the normal operation stage. The timing/control circuitry controls the execution of the security setup stage and transfers the mediator between the security setup stage and the normal operation stage. The setup circuitry performs one or more security functions in the security setup stage to enhance the cyber security of mediator. The switching circuitry, conditioned upon control from the timing/control circuitry, switches between the coupling of: (1) at least one of the host side ports with at least two of any one of (a) the setup circuitry; (b) the rest of the mediator circuitries; (c) one of the console side ports; (d) a null port, and (2) at least one of the console side ports with at least two of any one of (a) the setup circuitry; (b) the rest of the mediator circuitries; (c) one of the host side ports; (d) a null port.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/76 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
A method for securing an off-the-shelf smartphone, a secure communication system, and a security insert is provided. The method comprises removing the battery from the off-the-shelf smartphone and inserting the security insert to the battery compartment. The security insert comprises cryptographic module. The method further comprises modifying off-the-shelf smartphone and providing a power and data connection between the security insert and the smartphone. The secure communication system wirelessly transmits outgoing cellular encrypted black data, which is encrypted by the cryptographic module, from the modified off-the-shelf smartphone to a cellular network, and decrypts, by the cryptographic module, incoming cellular black data receives from the cellular network to the modified off-the-shelf smartphone. The security insert enclosure configured to be deployed in a battery compartment.
H04M 1/72409 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
H04M 1/02 - Constructional features of telephone sets
H04M 1/19 - Arrangements of transmitters, receivers, or complete sets to prevent eavesdropping, to attenuate local noise or to prevent undesired transmissionMouthpieces or receivers specially adapted therefor
H04M 1/675 - Preventing unauthorised calls from a telephone set by electronic means the user being required to insert a coded card, e.g. a smart card carrying an integrated circuit chip
H04M 1/72412 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories using two-way short-range wireless interfaces
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04W 12/03 - Protecting confidentiality, e.g. by encryption
H04W 12/43 - Security arrangements using identity modules using shared identity modules, e.g. SIM sharing
9.
System and method for detection and prevention of cyber attacks at in-vehicle networks
A cyber security system for in-vehicle networks comprises a plurality of electronic control units (ECUs) communicating via a vehicle bus. The system comprises a plurality of bus security units (BSUs), wherein each BSU is configured to be connected between the vehicle bus and one of the ECUs, and the BSUs communicating via a security bus separate from the vehicle bus. Each BSU is configured to monitor the activity of the corresponding ECU, on the vehicle bus, send the monitored activity to another BSU on the security bus and detect abnormal communication on the vehicle bus.
A wireless communication system comprising a smartphone comprising antenna system, and an add-on device that is configured to be attached to the smartphone, wherein, the add-on device comprises, a wireless communication module configured to transmit and receive RF communication signals, and an antenna coupling system that couples between the wireless communication module and the smartphone's antenna system in order to at least transmit or receive the RF communication signals by the smartphone's antenna system, the antenna coupling system couples the RF communication signals by at least one of or the combination of (a) conduction with the enclosure of the smartphone, and (b) induction between the add-on device and the smartphone.
A system incorporating a smartphone and an add-on device coupled to each other via combined data/power interface, the smartphone having a rechargeable battery connected to battery protection circuitry and the add-on device optionally having a rechargeable battery connected to battery protection circuitry as well, the combined data/power interface having one or more data pins for transferring data between the smartphone and the add-on device, one or more regulated power delivery pins, and one or more protected-battery power delivery pins, wherein the regulated power delivery pins are used to charge the battery of the smartphone from an external charger coupled to the add-on device, the batteries are connected to the battery protection circuitries that is configured to protect the battery by cutoff or limit the current or voltage on the battery electrodes, and the protected-battery power delivery pins are connected to the battery protection circuitries of the smartphone or add-on device.
A system incorporating a smartphone comprising a smartphone and add-on device coupled to each other via combined data/power interface, wherein the smartphone comprises a rechargeable battery connected to battery protection circuitry and the add-on device optionally comprises a rechargeable battery connected to battery protection circuitry as well, the combined data/power interface comprises: one or more data pins for transferring data between the smartphone and the add-on device; one or more regulated power delivery pins; and one or more protected-battery power delivery pins, wherein the regulated power delivery pins are used to charge the battery of the smartphone from an external charger coupled to the add-on device, the batteries are connected to the battery protection circuitries that is configured to protect the battery by cutoff or limit the current or voltage on the battery electrodes, the protected-battery power delivery pins are connected to the battery protection circuitries of the smartphone or add-on device. The following power delivery paths are enabled: (1) the add-on device is powered by the battery of the smartphone through the protected-battery power delivery pins that are connected to the output of the battery protection circuitry of the smartphone. (2) the smartphone is powered by the battery of the add-on device through the protected-battery power delivery pins that are connected to the output of the battery protection circuitry of the add-on device, and (3) the batteries charge each other through the protected-battery power delivery pins that are connected to the output of the battery protection circuitries of smartphone and add-on devices.
A secure phone system comprising a plurality of Voice over IP (VoIP) phones, each having an enhanced security implant device, a Mutual Disabling Unit (MDU) and a method of operating the system for securing VoIP phones located in the same room by disabling a VoIP phone while a call is active in another phone in order to prevent audio eavesdropping.
H04M 3/20 - Automatic or semi-automatic exchanges with means for interrupting existing connectionsAutomatic or semi-automatic exchanges with means for breaking-in on conversations
H04M 7/00 - Arrangements for interconnection between switching centres
14.
Security method and apparatus for locking of mediators between console peripheral devices and hosts
A mediator and a method for securing a mediator for coupling between one or more hosts and one or more consoles comprising one or more peripheral devices. The mediator is having at least three stages: (i) a security setup stage; (ii) a neutralization stage; and (iii) a normal operation stage. In the normal operation stage, the mediator couples between at least one of the one or more peripheral devices and at least one of the one or more peripheral devices. In the neutralization stage the mediator disable coupling between at least one of the one or more peripheral devices and at least one of the one or more peripheral devices. The securing method starts with the security setup stage after at least one of (a) a power-up; (b) a reset; (c) a device connection; and (d) an unlock command. Upon entering the security setup stage, the method performs the following: (1) reading the device information of the one or more peripheral devices; (2) if the mediator is in Unlock state, waiting for a locking command and upon locking command arrival, register the information of the one or more peripheral devices to non-volatile memory, and proceed to normal operation stage, (3) if the mediator is in Lock state, compare the registered information of the one or more peripheral devices with the information read previously, and upon a match proceed to normal operation stage and upon a miss-match proceed to neutralization stage. The lock and unlock commands are provided from an authorized user or an administrator.
Mediating between host and display where a mediator enforces security policy over bidirectional protocols of a Display Data Channel (DDC) of video communication protocols between host and display, where AD-EDID display emulators are coupled to DDCs of the host's video port, AD-EDID host emulators are coupled to DDCs of display's video port and security enforcing communication units couple between pairs of AD-EDID display emulator and AD-EDID host emulator, where AD-EDID display emulators emulate display operation and behavior over the DDC, AD-EDID host emulators emulate host operation and behavior over the DDC and security enforcing communication units enforce security policy such as unidirectional communication between the pairs of AD-EDID host emulators and AD-EDID display emulators.
H04N 21/40 - Client devices specifically adapted for the reception of, or interaction with, content, e.g. STB [set-top-box]Operations thereof
H04N 21/60 - Network structure or processes for video distribution between server and client or between remote clientsControl signalling between clients, server and network componentsTransmission of management data between server and clientCommunication details between server and client
H04L 43/00 - Arrangements for monitoring or testing data switching networks
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
16.
System and method of polychromatic identification for a KVM switch
A peripheral devices switch, a peripheral device, and a keyboard configured to be connected to a plurality of host computers. The peripheral devices switch configured to be coupled to at least one set of peripheral devices and to a plurality of host computers. A color is assigned to each host computer and the at least one set of peripheral devices illuminates at least one polychromatic light source with the color that is assigned to an active host computer. A peripheral device interface to interface between the peripheral device and the peripheral devices switch may be a composite interface comprises two independent interface protocols either by sharing a single connector and cable but having separate pins in the connector and corresponding wires in the cable, or by having a separate cable and separate connector to each one of said interface protocol. The composite interface comprises a primary standard peripheral device interface for the standard peripheral device functionalities, and secondary dedicated peripheral device interface configured to instructs the illumination of the polychromatic indication.
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 13/42 - Bus transfer protocol, e.g. handshakeSynchronisation
G08B 5/36 - Visible signalling systems, e.g. personal calling systems, remote indication of seats occupied using electric transmissionVisible signalling systems, e.g. personal calling systems, remote indication of seats occupied using electromagnetic transmission using visible light sources
G06F 3/02 - Input arrangements using manually operated switches, e.g. using keyboards or dials
A modular keyboard video and mouse (KVM) switching system comprises a core KVM switch module, one or more console peripheral interface modules (CPIM) and one or more host computer interface modules (HIM). The CPIM interfaces console peripheral devices to the core KVM switch module and the HIM interfaces host computer to the core KVM switch module. Changing of console peripheral devices or host computer involves adapting a corresponding CPIM or HIM without changing the core KVM switch module.
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 3/038 - Control and interface arrangements therefor, e.g. drivers or device-embedded control circuitry
A modular keyboard video and mouse (KVM) switching system comprises a core KVM switch module, one or more console peripheral interface modules (CPIM) and one or more host computer interface modules (HIM). The CPIM interfaces console peripheral devices to the core KVM switch module and the HIM interfaces host computer to the core KVM switch module. Changing of console peripheral devices or host computer involves adapting a corresponding CPIM or HIM without changing the core KVM switch module.
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 3/038 - Control and interface arrangements therefor, e.g. drivers or device-embedded control circuitry
19.
SYSTEM AND METHOD FOR DETECTION AND PREVENTION OF CYBER ATTACKS AT IN-VEHICLE NETWORKS
A cyber security system for in-vehicle networks comprises a plurality of electronic control units (ECUs) communicating via a vehicle bus. The system comprises a plurality of bus security units (BSUs), wherein each BSU is configured to be connected between the vehicle bus and one of the ECUs, and the BSUs communicating via a security bus separate from the vehicle bus. Each BSU is configured to monitor the activity of the corresponding ECU, on the vehicle bus, send the monitored activity to another BSU on the security bus and detect abnormal communication on the vehicle bus.
A method for securing an off-the-shelf smartphone, a secure communication system, and a security insert is provided. The method comprises removing the battery from the off-the-shelf smartphone and inserting the security insert to the battery compartment. The security insert comprises cryptographic module. The method further comprises modifying off-the-shelf smartphone and providing a power and data connection between the security insert and the smartphone. The secure communication system wirelessly transmits outgoing cellular encrypted black data, which is encrypted by the cryptographic module, from the modified off-the-shelf smartphone to a cellular network, and decrypts, by the cryptographic module, incoming cellular black data receives from the cellular network to the modified off-the-shelf smartphone. The security insert enclosure configured to be deployed in a battery compartment.
H04M 1/72409 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
A method for securing an off-the-shelf smartphone, a secure communication system, and a security insert is provided. The method comprises removing the battery from the off-the-shelf smartphone and inserting the security insert to the battery compartment. The security insert comprises cryptographic module. The method further comprises modifying off-the-shelf smartphone and providing a power and data connection between the security insert and the smartphone. The secure communication system wirelessly transmits outgoing cellular encrypted black data, which is encrypted by the cryptographic module, from the modified off-the-shelf smartphone to a cellular network, and decrypts, by the cryptographic module, incoming cellular black data receives from the cellular network to the modified off-the-shelf smartphone. The security insert enclosure configured to be deployed in a battery compartment.
H04M 1/72409 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
A system incorporating a smartphone and an add-on device coupled to each other via combined data/power interface, wherein the smartphone has a re-chargeable battery connected to battery protection circuitry. The combined data/power interface includes: one or more data pins for transferring data between the smartphone and the add-on device; one or more regulated power delivery pins; and one or more protected-battery power delivery pins. The smartphone is chargeable by an external charger when the add-on device is coupled to the smartphone and the external charger is coupled to the add-on device, and when the add-on device is coupled to the smartphone the add-on device is continuously powerable by the smartphone battery whether or not the external charger is coupled to the add-on device. The rechargeable battery is protected by battery protection circuitry that is configured to protect the battery by cutting off or limiting the current or voltage on the battery electrodes, and where both include an interface controller tonegotiate a power delivery mode between the smartphone and the add-on device. A method of negotiating between the interface controller of the smartphone and the interface controller of the add-on device to agree on performing at least one of a protected-battery power delivery mode and a regulated power delivery mode.
A system incorporating a smartphone comprising a smartphone and add-on device coupled to each other via combined data/power interface, wherein the smartphone comprises a rechargeable battery connected to battery protection circuitry and the add-on device optionally comprises a rechargeable battery connected to battery protection circuitry as well, the combined data/power interface comprises: one or more data pins for transferring data between the smartphone and the add-on device; one or more regulated power delivery pins; and one or more protected-battery power delivery pins, wherein the regulated power delivery pins are used to charge the battery of the smartphone from an external charger coupled to the add-on device, the batteries are connected to the battery protection circuitries that is configured to protect the battery by cutoff or limit the current or voltage on the battery electrodes, the protected-battery power delivery pins are connected to the battery protection circuitries of the smartphone or add-on device. The following power delivery paths are enabled: (1) the add-on device is powered by the battery of the smartphone through the protected- battery power delivery pins that are connected to the output of the battery protection circuitry of the smartphone. (2) the smartphone is powered by the battery of the add-on device through the protected-battery power delivery pins that are connected to the output of the battery protection circuitry of the add-on device, and (3) the batteries charge each other through the protected-battery power delivery pins that are connected to the output of the battery protection circuitries of smartphone and add-on devices.
A system incorporating a smartphone comprising a smartphone and add-on device coupled to each other via combined data/power interface, wherein the smartphone has a chargeable battery connected to battery protecrion circuitry. The combined data/power interface includes: one or more data pins for transferring data between the smartphone and the add-on device; one or more regulated power delivery pins; and one or more protected-battery power delivery pins. The smartphone is chargeable by an external charger when the add-on device is coupled to the smartphone and the external charger is coupled to the add-on device, and when the add-on device is coupled to the smartphone the add-on device is continuously powerable by the smartphone battery whether or not the external charger is coupled to the add-on device."
A peripheral devices switch is configured to be coupled to at least one set of peripheral devices and to a plurality of host computers. A color is assigned to each host computer. The at least one set of peripheral devices illuminates at least one polychromatic light source with the color assigned to an active hast computer. A peripheral device interface to interface between the peripheral device and the peripheral devices switch may be a composite interface comprises two independent interface protocols either by sharing a single connector and cable but having separate pins in the connector and corresponding wires in the cable, or by having a separate cable and separate connector to each one of said inte1face protocol. The composite interface comprises a primary standard peripheral device interface for the standard peripheral device functionalities, and secondary dedicated peripheral device interface configured to instructs the illumination of the polychromatic indication.
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
G06F 1/16 - Constructional details or arrangements
26.
Secure audio switch comprising an analog low pass filter coupled to an analog audio diode
A secure audio switch comprising: a plurality of host computer interfaces, each for interfacing the secure audio switch with a corresponding host computer, for receiving audio signals from said corresponding host computer; a user audio interface, for interfacing the secure audio switch with at least one user audio device, wherein said at least one user audio device comprises at least one of a speaker or an earphone; an Audio Output Channel (AOC), coupled to said user audio interface comprises audio security device to reduce data leak by intentionally reducing data rate capable of flowing through said AOC to a maximum rate comparable to the minimal rate required for reproducing human speech, and forcing audio data flow only in the direction to said user audio interface by using an analog audio diode and an analog low pass filter in the audio output channel (AOC).
G10L 19/00 - Speech or audio signal analysis-synthesis techniques for redundancy reduction, e.g. in vocodersCoding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
H04N 7/52 - Systems for transmission of a pulse code modulated with one or more other pulse code modulated signals, e.g. an audio signal or a synchronizing signal
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
Mediating between host and display where a mediator enforces security policy over bidirectional protocols of a Display Data Channel (DDC) of video communication protocols between host and display, where AD-EDID display emulators are coupled to DDCs of the host's video port, AD-EDID host emulators are coupled to DDCs of display's video port and security enforcing communication units couple between pairs of AD-EDID display emulator and AD-EDID host emulator, where AD-EDID display emulators emulate display operation and behavior over the DDC, AD-EDID host emulators emulate host operation and behavior over the DDC and security enforcing communication units enforce security policy such as unidirectional communication between the pairs of AD-EDID host emulators and AD-EDID display emulators.
H04N 21/647 - Control signaling between network components and server or clientsNetwork processes for video distribution between server and clients, e.g. controlling the quality of the video stream, by dropping packets, protecting content from unauthorised alteration within the network, monitoring of network load or bridging between two different networks, e.g. between IP and wireless
H04N 21/835 - Generation of protective data, e.g. certificates
28.
System and method of polychromatic identification for a KVM switch
Systems and methods of a peripheral devices switching system configured to be connected to a plurality of host computers, including at least one set of peripheral devices, a peripheral devices switch that is to be coupled to said at least one set of peripheral devices and said plurality of host computers, where the peripheral devices switch assigns a color to each host computer, and couple between said at least one set of peripheral devices and an active host computer, and one or more polychromatic light sources that are being comprised in the peripheral devices switch, the at least one of the peripheral devices of the sets of peripheral devices or both, where the peripheral devices switch indicates the active host computer by illuminating at least one polychromatic light source by the color that is assigned to the active host computer.
G06F 13/10 - Program control for peripheral devices
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
A secure cellular communication system comprises a modified smartphone mated with a security pack. A Cryptographic module within the security pack encrypts all cellular outgoing data and decrypts cellular incoming data. The modified smartphone is modified to rout all cellular outgoing data and incoming data via the Cryptographic module within the security pack. The cellular MODEM may reside within the security pack while the phone's cellular MODEM is disabled, or the phone's cellular MODEM may be used.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04W 12/02 - Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
H04M 1/72409 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality by interfacing with external accessories
A portable computer providing high level of security comprises of two completely logically and electrically isolated computer modules within one tamper resistant enclosure. One computer module is for Higher-Security applications (refer higher-security to as “red”) and the other is for Lower-Security applications such as email and internet (refer lower-security to as “black”). The two modules are coupled together to secure Peripheral Sharing Switch that enables intuitive user interaction while minimizing the security risk resulted from sharing same peripheral device.
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 1/16 - Constructional details or arrangements
A method for securing a KVM Matrix system by inserting a plurality of input security isolators, each of the input security isolators is placed between a host computer and matrix host adapter of the KVM matrix system to enforce security data flow policy that is applicable for the corresponding host computer. Additionally, a security filter is placed between peripheral devices and a matrix console adapter to enforce security data flow policy that is applicable for the corresponding peripheral devices.
A secure audio switch comprising: a plurality of host computer interfaces, each for interfacing the secure audio switch with a corresponding host computer, for receiving audio signals from said corresponding host computer; a user audio interface, for interfacing the secure audio switch with at least one user audio device, wherein said at least one user audio device comprises at least one of a speaker or an earphone; an Audio Output Channel (AOC), coupled to said user audio interface comprises audio security device to reduce data leak by intentionally reducing data rate capable of flowing through said AOC to a maximum rate comparable to the minimal rate required for reproducing human speech, and forcing audio data flow only in the direction to said user audio interface; a monitor and control unit, for receiving user's selection of a selected one of said plurality of host computer to be interfaced with said user audio interface, and indicating to the user which of said hosts is currently selected to be interfaced with said user audio interface; and an audio MUX, receiving user selection of the host selected to be interfaced with said user audio interface from said monitor and control unit, and in response, coupling only said selected host computer interface to said AOC.
G10L 19/02 - Speech or audio signal analysis-synthesis techniques for redundancy reduction, e.g. in vocodersCoding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis using spectral analysis, e.g. transform vocoders or subband vocoders
33.
Method and apparatus for securing voice over IP telephone device
A security implant device and a method of operation of the security implant, for securing Voice over IP (VoIP) phone, the implant device disables audio input and output components of the VoIP phone in order to prevent audio eavesdropping.
A secure cellular communication system comprises a modified smartphone mated with a security pack. A Cryptographic module within the security pack encrypts all cellular outgoing data and decrypts cellular incoming data. The modified smartphone is modified to rout all cellular outgoing data and incoming data via the Cryptographic module within the security pack. The cellular MODEM may reside within the security pack while the phone's cellular MODEM is disabled, or the phone's cellular MODEM may be used.
H04B 1/3888 - Arrangements for carrying or protecting transceivers
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
H04M 1/19 - Arrangements of transmitters, receivers, or complete sets to prevent eavesdropping, to attenuate local noise or to prevent undesired transmissionMouthpieces or receivers specially adapted therefor
H04B 1/38 - Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving
H04M 1/02 - Constructional features of telephone sets
G06F 21/45 - Structures or tools for the administration of authentication
A portable computer providing high level of security comprises of two completely logically and electrically isolated computer modules within one tamper resistant enclosure. One computer module is for Higher-Security applications (refer higher-security to as "red ") and the other is for Lower-Security applications such as email and internet (refer lower-security to as "black" ). The two modules are coupled together to secure Peripheral Sharing Switch that enables intuitive user interaction while minimizing the security risk resulted from sharing same peripheral device.
G06F 21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/82 - Protecting input, output or interconnection devices
G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
G06F 13/10 - Program control for peripheral devices
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
A method for securing a KVM Matrix system by inserting a plurality of input security isolators, each of the input security isolators is placed between a host computer and matrix host adapter of the KVM matrix system to enforce security data flow policy that is applicable for the corresponding host computer. Additionally, a security isolator is placed between peripheral devices and a matrix console adapter to enforce security data flow policy that is applicable for the corresponding peripheral devices.
G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
G06F 21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/82 - Protecting input, output or interconnection devices
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 13/10 - Program control for peripheral devices
A method for securing a KVM Matrix system by inserting a plurality of input security isolators, each of the input security isolators is placed between a host computer and matrix host adapter of the KVM matrix system to enforce security data flow policy that is applicable for the corresponding host computer. Additionally, a security isolator is placed between peripheral devices and a matrix console adapter to enforce security data flow policy that is applicable for the corresponding peripheral devices.
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 21/82 - Protecting input, output or interconnection devices
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G06F 21/70 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
G06F 21/71 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
G06F 21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
A method for securing a KVM Matrix system by inserting a plurality of input security isolators, each of the input security isolators is placed between a host computer and matrix host adapter of the KVM matrix system to enforce security data flow policy that is applicable for the corresponding host computer. Additionally, a security filter is placed between peripheral devices and a matrix console adapter to enforce security data flow policy that is applicable for the corresponding peripheral devices.
A self-locking USB filter device is disclosed that comprises at least one permanently attachable self-locking USB plug having at least one locking tooth to permanently connect the permanently attachable self-locking USB plug to a USB jack of a protected computing apparatus. The self-locking USB filter protects the protected computing apparatus by blocking unauthorized data transfer and blocks all communication unless the authenticator is authenticated by software installed in the protected computing apparatus. A method of protecting USB jacks of a computing device is also disclosed.
A security implant device and a method of operation of the security implant, for securing Voice over IP (Vo IP) phone, the implant device disables audio input and output components of the Vo IP phone in order to prevent audio eavesdropping.
A security implant device and a method of operation of the security implant, for securing Voice over IP (Vo IP) phone, the implant device disables audio input and output components of the Vo IP phone in order to prevent audio eavesdropping.
Doc. No. 352-18 CA/PCT DIV ABSTRACT A security implant device and a method of operation of the security implant, for securing Voice over IP (VolP) phone, the implant device disables audio input and output components of the VolP phone in order to prevent audio eavesdropping. Date Recue/Date Received 2022-08-25
A USB security gateway device is integrated within a host computer. The USB security gateway device is used for protecting a USB port of a host computer against interaction with unauthorized USB device. The USB security gateway device qualifies any USB peripheral device before it allows it to interact with the host device. Qualification parameters are stored in the USB security gateway device and are reprogrammable.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G06F 13/10 - Program control for peripheral devices
G06F 21/82 - Protecting input, output or interconnection devices
44.
Method and apparatus for securing voice over IP telephone device
A security implant device and a method of operation of the security implant, for securing Voice over IP (VoIP) phone, the implant device disables audio input and output components of the VoIP phone in order to prevent audio eavesdropping.
A self-locking USB filter device is disclosed that comprises at least one permanently attachable self-locking USB plug having at least one locking tooth to permanently connect the permanently attachable self-locking USB plug to a USB jack of a protected computing apparatus. The self-locking USB filter protects the protected computing apparatus by blocking unauthorized data transfer and blocks all communication unless the authenticator is authenticated by software installed in the protected computing apparatus. A method of protecting USB jacks of a computing device is also disclosed.
A device, apparatus, system and method for determining failure of a computer host among a plurality of hosts. The host failure detection device may be integrated in a KVM apparatus. The device monitors the video output of the plurality of hosts and if identifies a Blue Screen of Death or BIOS failure Black Screen, it issues a warning and logs the details of the discovered failure. The device may attempt to recover the failed host by transmitting emulated keyboard and mouse commands to the failed host.
G06F 3/02 - Input arrangements using manually operated switches, e.g. using keyboards or dials
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation
47.
KVM HAVING BLUE SCREEN OF DEATH DETECTION AND WARNING FUNCTIONS
A device, apparatus, system and method for determining failure of a computer host among a plurality of hosts. The host failure detection device may be integrated in a KVM apparatus. The device monitors the video output of the plurality of hosts and if identifies a Blue Screen of Death or BIOS failure Black Screen, it issues a warning and logs the details of the discovered failure. The device may attempt to recover the failed host by transmitting emulated keyboard and mouse commands to the failed host.
G06F 11/32 - Monitoring with visual indication of the functioning of the machine
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
48.
Secured KVM system having remote controller-indicator
A secure peripheral switching system comprises a secure peripheral switch remotely coupled to a secure remote controller-indicator, wherein the secure peripheral switch is capable of interfacing with at least two coupled host computers while ensuring data isolation among said at least two coupled host computers, said secure peripheral switch comprising a first interface circuitry to securely link the secure peripheral switch with said secure remote controller-indicator; and a secure remote controller-indicator. The secure remote controller-indicator comprises a second interface circuitry to securely link said secure remote controller-indicator with said secure peripheral switch; a control function capable of enabling a remote user control of said coupled secure peripheral switch; an indication function capable of providing a remote user indications of coupled secure peripheral switch; and an anti-tampering circuitry to detect physical tampering event and report such event to said secure peripheral switch.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 13/10 - Program control for peripheral devices
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/74 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
G06F 21/82 - Protecting input, output or interconnection devices
G06F 21/83 - Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
49.
Self-locking USB protection pug device having LED to securely protect USB jack
Methods, devices and system for enhancing computer information security by physically blocking unused USB ports with self-locking devices, or by providing USB port self-locking device with internal circuitry that qualifies and secures user peripheral device attached to the computer, and by continuously communicating with a management software application that provides real-time monitoring and warnings when any USB self-locking device is being removed or tampered. The self-locking devices use a spring loaded teeth in the USB plug that lock into tab spaces in the USB jack. Visual indicator provides positive assurance when all ports are secure. Each self-locking devices include a security circuit which is uniquely paired with the protected port. Some self-locking devices include data filters that only enable connecting authorized peripheral devices.
Methods, devices and system for enhancing computer information security by physically blocking unused USB ports with self-locking devices, or by providing USB port self-locking device with internal circuitry that qualifies and secures user peripheral device attached to the computer, and by continuously communicating with a management software application that provides real-time monitoring and warnings when any USB self-locking device is being removed or tampered. The self-locking devices use a spring loaded teeth in the USB plug that lock into tab spaces in the USB jack. Visual indicator provides positive assurance when all ports are secure. Each self-locking devices include a security circuit which is uniquely paired with the protected port. Some self-locking devices include data filters that only enable connecting authorized peripheral devices.
A meeting room power and multi-media center device having one or more wired or wirelessly connected displays or projectors selectively connected to one or more plurality of connected computers. The device provides user indications of qualified input video signals and enables remote control through wirelessly connected remote controller device. The device also provides AC power jacks and USB power jacks to power and charge various portable devices. Another embodiment of the current invention provides similar device further having video processing function to display multiple video sources simultaneously on one or more displays or projectors.
A meeting room power and multi-media center device having one or more wired or wirelessly connected displays or projectors selectively connected to one or more plurality of connected computers. The device provides user indications of qualified input video signals and enables remote control through wirelessly connected remote controller device. The device also provides AC power jacks and USB power jacks to power and charge various portable devices. Another embodiment of the current invention provides similar device further having video processing function to display multiple video sources simultaneously on one or more displays or projectors.
A meeting room power and multi-media center device having one or more wired or wirelessly connected displays or projectors selectively connected to one or more plurality of connected computers. The device provides user indications of qualified input video signals and enables remote control through wirelessly connected remote controller device. The device also provides AC power jacks and USB power jacks to power and charge various portable devices. Another embodiment of the current invention provides similar device further having video processing function to display multiple video sources simultaneously on one or more displays or projectors.
A serial protocol based Docking device having a single set of user peripherals supports multiple removable host computers having different video output types and different operating systems. The device provides mouse tracking function that switches the keyboard and mouse to the different host computers when the cursor is moved by the user across the respective display boundary. The docking device provides file-sharing and cut- and-paste functions across the different docked host computers. Laptops, tabletops as well as Smartphones, tablets and other forms of portable platforms are supported. Dragging an item from a display designated to a first host computer to a display designated to a second host computer performs moving or copying the item from the first host to the second host.
A serial protocol based Docking device having a single set of user peripherals supports multiple removable host computers having different video output types and different operating systems. The device provides mouse tracking function that switches the keyboard and mouse to the different host computers when the cursor is moved by the user across the respective display boundary. The docking device provides file-sharing and cut- and-paste functions across the different docked host computers. Laptops, tabletops as well as Smartphones, tablets and other forms of portable platforms are supported. Dragging an item from a display designated to a first host computer to a display designated to a second host computer performs moving or copying the item from the first host to the second host.
A serial protocol based Docking device having a single set of user peripherals supports multiple removable host computers having different video output types and different operating systems. The device provides mouse tracking function that switches the keyboard and mouse to the different host computers when the cursor is moved by the user across the respective display boundary. The docking device provides file-sharing and cut-and-paste functions across the different docked host computers. Laptops, tabletops as well as Smartphones, tablets and other forms of portable platforms are supported. Dragging an item from a display designated to a first host computer to a display designated to a second host computer performs moving or copying the item from the first host to the second host.
USB ports present risk of data leak from computers. The invention provides an electromechanical USB port protection device capable of mechanically block unused USB port, thus preventing the connection of any USB device to that port. Removal of the device requires electrically energizing the lock using security code. Security software provides scalable and secure centralized keys management. The device provides clear and continuous user visual indications when device is secure. Device derivative secures USB cable to the computer USB port. Another device derivative filters and secures a connected user peripheral device, for example a USB locking device that only allows a connection of USB mouse or keyboard.
The present invention presents apparatuses and systems for operating multiple computers from a single keyboard and a single mouse and view composite videos generated from video output of the multiple computers on a single display, while preventing any possible information leakage between the computers. Keyboard and mouse commands detected by a host controller are used to control a video processor and a peripheral switch. The peripheral switch directs keyboard and mouse signals to one selected host and at the same time, the video processor creates an active display window showing video information from the selected host. Physical unidirectional isolators in the video, keyboard and mouse channels prevent any potential data leakages between hosts.
G06F 13/12 - Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
G06F 13/10 - Program control for peripheral devices
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 21/83 - Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors
G06F 13/00 - Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
G06F 21/82 - Protecting input, output or interconnection devices
Single Optical Fiber KVM (Keyboard Video Mouse) systems are provided that comprises of two subsystems: an electro-optical transmitter subsystem and an electro-optical receiver subsystem. The single optical fiber KVM is configured to support all required bi-directional communications.
G06F 13/12 - Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
H04B 10/00 - Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
G06F 3/02 - Input arrangements using manually operated switches, e.g. using keyboards or dials
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
H04L 5/00 - Arrangements affording multiple use of the transmission path
H04L 5/14 - Two-way operation using the same type of signal, i.e. duplex
A security device for hindering data theft and data leaks via audio channel of a computer system is based on passing the audio signals through a coding vocoder that receives input audio signal from a computer and compressing the signal to a low bit-rate digital data indicative of human speech; and a decoding vocoder that decompress the digital data back to a secure audio signal. The data transfer of the protected audio channel is intentionally limited not to exceed the bit-rate needed to carry vocoder-compressed human speech which is well below the capabilities of unprotected audio channel. Both analog and digital audio ports may be protected. Hardware bit-rate limiter protect the system from software hacking.
G10L 19/00 - Speech or audio signal analysis-synthesis techniques for redundancy reduction, e.g. in vocodersCoding or decoding of speech or audio signals, using source filter models or psychoacoustic analysis
A streaming video security device is provided that comprises an input LAN interface, at least one streaming video decoder, an output LAN interface, at least one streaming video encoder coupled at one side to said LAN interface for streaming video output and coupled at the other side to a raw video display-compatible output interface; and unidirectional data flow element coupled at the transmitting side to the streaming video decoder through the raw video display-compatible output interface and coupled at the receiving side to one or more video encoder through the raw video display-compatible input interface.
G06F 9/00 - Arrangements for program control, e.g. control units
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
62.
METHOD SYSTEM AND APPARATUS FOR STREAMING VIDEO SECURITY
A streaming video security device is provided that comprises an input LAN interface, at least one streaming video decoder, an output LAN interface, at least one streaming video encoder coupled at one side to said LAN interface for streaming video output and coupled at the other side to a raw video display-compatible output interface; and unidirectional data flow element coupled at the transmitting side to the streaming video decoder through the raw video display-compatible output interface and coupled at the receiving side to one or more video encoder through the raw video display- compatible input interface.
Devices and methods provide for enabling a user to use a single user authentication device such as smart-card reader, such that the user is capable of securely interfacing with two or more isolated computers and enabling the user to authenticate and remain authenticated at multiple computers at the same time. Once the user removes the smart-card from the smart-card reader, the authentication session on all coupled computers is terminated at once. The user authentication device comprises: an authentication module connected via a channel selection switch to one of a plurality of channels, each interfacing with a respective coupled computer.
G06F 7/04 - Identity comparison, i.e. for like or unlike values
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
G06F 17/30 - Information retrieval; Database structures therefor
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/41 - User authentication where a single sign-on provides access to a plurality of computers
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G07F 7/10 - Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card together with a coded signal
G06F 13/10 - Program control for peripheral devices
G06Q 20/34 - Payment architectures, schemes or protocols characterised by the use of specific devices using cards, e.g. integrated circuit [IC] cards or magnetic cards
64.
USER AUTHENTICATION DEVICE HAVING MULTIPLE ISOLATED HOST INTERFACES
Devices and methods provide for enabling a user to use a single user authentication device such as smart-card reader, such that the user is capable of securely interfacing with two or more isolated computers and enabling the user to authenticate and remain authenticated at multiple computers at the same time. Once the user removes the smart-card from the smart-card reader, the authentication session on all coupled computers is terminated at once. The user authentication device comprises: an authentication module connected via a channel selection switch to one of a plurality of channels, each interfacing with a respective coupled computer.
A system enabling a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. The system enables one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to multiple physical user displays of the particular installation. The system may be used to enable computer user having multiple isolated computers each with one or more coupled display to automatically switch a single set of keyboard mouse and other peripheral devices between the different computers. As isolated computers may have different security levels, the method and apparatus of the present invention prevents and potential data leakages between computers and coupled networks.
G06F 13/12 - Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
G06F 3/02 - Input arrangements using manually operated switches, e.g. using keyboards or dials
G06F 21/83 - Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
G06F 1/16 - Constructional details or arrangements
A secure peripheral device, coupled to a computer, capable of enabling a user to use a peripheral device such as a microphone, speakers, headset or video camera when the device is in operational state, while giving to the user a clear visual indication that the device is enabled. The device simultaneously disables the user peripheral device; and turns off the visual indication when the secure peripheral device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tempering functionality and becomes permanently disabled if tempered with. Optionally the device is coupled to the computer via a USB port that powers it.
A secure peripheral device, coupled to a computer, capable of enabling a user to use a peripheral device such as a microphone, speakers, headset or video camera when the device is in operational state, while giving to the user a clear visual indication that the device is enabled. The device simultaneously disables the user peripheral device; and turns off the visual indication when the secure peripheral device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tempering functionality and becomes permanently disabled if tempered with. Optionally the device is coupled to the computer via a USB port that powers it.
G06F 21/82 - Protecting input, output or interconnection devices
G06F 21/85 - Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
A secure video camera device for reducing the risk of visual and audio eavesdropping has a video camera and an electromechanical shutter behind a transparent cover in a secured enclosure. The shutter optically obscures the camera lens when the device is in secure state. A visual indicator indicates when the device is in operational state. A switch controllable by the user, select the state of the device by concurrently disabling the camera turning off the visual indicator in a secure state; and setting said device in an operational state by concurrently enabling the camera and turning on said lighted indicator. The device has a built in, or auxiliary microphone, and audio outputs which are disabled in secure state of the device. The device is tempered proof by an anti-tempering circuitry.
A secure audio peripheral device, coupled to a computer, capable of enabling a user to use audio devices such as a microphone, speakers or headset when the device is in operational state, while giving to the user a clear visual indication that the audio devices are enabled. The device simultaneously disables the microphone; and turns off the visual indication when the device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tempering functionality and becomes permanently disabled if tempered with. Optionally the device is coupled to the computer via a USB port that powers a USB CODEC chip and a LED used as the visual indicator.
A secure audio peripheral device, coupled to a computer, capable of enabling a user to use audio devices such as a microphone, speakers or headset when the device is in operational state, while giving to the user a clear visual indication that the audio devices are enabled. The device simultaneously disables the microphone; and turns off the visual indication when the device is in secure state. The operational state is activated by the user by pressing a momentary push-button switch. A timer resets the device to a secure state after a short preset time. The device has anti-tempering functionality and becomes permanently disabled if tempered with. Optionally the device is coupled to the computer via a USB port that powers a USB CODEC chip and a LED used as the visual indicator.
Single Optical Fiber KVM (Keyboard Video Mouse) systems are provided that comprises of two subsystems: an electro-optical transmitter subsystem and an electro-optical receiver subsystem. The single optical fiber KVM is configured to support all required bi- directional communications.
A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.
Single Optical Fiber KVM (Keyboard Video Mouse) systems are provided that comprises of two subsystems: an electro-optical transmitter subsystem and an electro-optical receiver subsystem. The single optical fiber KVM is configured to support all required bi- directional communications.
The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.
G06F 9/455 - EmulationInterpretationSoftware simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
A system enabling a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. The system enables one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to multiple physical user displays of the particular installation. The system may be used to enable computer user having multiple isolated computers each with one or more coupled display to automatically switch a single set of keyboard mouse and other peripheral devices between the different computers. As isolated computers may have different security levels, the method and apparatus of the present invention prevents and potential data leakages between computers and coupled networks.
A system enabling a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. The system enables one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to multiple physical user displays of the particular installation. The system may be used to enable computer user having multiple isolated computers each with one or more coupled display to automatically switch a single set of keyboard mouse and other peripheral devices between the different computers. As isolated computers may have different security levels, the method and apparatus of the present invention prevents and potential data leakages between computers and coupled networks.
G06F 21/83 - Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
G06F 21/84 - Protecting input, output or interconnection devices output devices, e.g. displays or monitors
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computerOutput arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
77.
COMPUTER MOTHERBOARD HAVING PERIPHERAL SECURITY FUNCTIONS
A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.
A secure motherboard for a computer, wherein each user accessible peripheral port is protected by hardware based peripheral protection circuitry soldered to the motherboard. The protection circuitry provides security functions decreasing the vulnerability of the computer to data theft. User input ports such as keyboard and mouse peripheral ports are coupled to the computer through a security function that enforce unidirectional data flow only from the user input devices to the computer. Display port uses a security function which isolates the EDID in the display from the computer. Authentication device such as smart card reader is coupled to the computer via a port having a security function which enumerates the authentication device before coupling it to the computer.
As KVMs (Keyboard Video Mouse) may be abused by attackers to bridge or leak between isolated networks, Secure KVM typically used having isolated circuitry for each computer channel to reduce its vulnerability to leakages between channels. To enable remote installation of a KVM with isolated computers a remote Controller-Indicator is needed in order to present to the user the KVM front panel indications and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions. Another object of the present invention is to provide a KVM switch having secure remote extension of the complete user console with support of: remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring.
As KVMs (Keyboard Video Mouse) may be abused by attackers to bridge or leak between isolated networks, Secure KVM typically used having isolated circuitry for each computer channel to reduce its vulnerability to leakages between channels. To enable remote installation of a KVM with isolated computers a remote Controller-Indicator is needed in order to present to the user the KVM front panel indications and to enable certain control functions. The current invention provides a KVM switch capable of providing secure remote extension of KVM control and indication functions. Another object of the present invention is to provide a KVM switch having secure remote extension of the complete user console with support of: remote keyboard, mouse, one or more displays, smart-card reader, audio devices, KVM control and KVM monitoring.
G06F 21/04 - by protecting specific peripheral devices, e.g. keyboards or displays
G06F 3/023 - Arrangements for converting discrete items of information into a coded form, e.g. arrangements for interpreting keyboard generated codes as alphanumeric codes, operand codes or instruction codes
81.
Secure KVM device ensuring isolation of host computers
The present invention presents apparatuses and systems for operating multiple computers from a single console using a secured KVM device, while preventing information leakage between the computers. The system comprises several hosts connected through a secured KVM device to keyboard and mouse and one or more user displays. Secured KVM enables standard bi-directional communication between Secured KVM and user keyboard and mouse and between hosts peripheral ports and Secured KVM. Secured KVM physically enforces unidirectional data flow from attached keyboard and mouse to attached hosts peripheral ports to avoid potential leakages between hosts.
The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.
The present invention discloses a KVM (Keyboard Video Mouse) device for operation in high security environments. More specifically, this invention discloses a secure KVM built to prevent data leakages between two or more coupled computer hosts. The invention also discloses methods of operation of the secure KVM. Further more particularly, the invention presents a special secure KVM device for interacting with computers using a single user console, while preventing data leakage between the connected computers and attached networks.
patents
