WO2012111018A1 - Secure tamper proof USB device and the computer implemented method of its operation


Info

Publication number
WO2012111018A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure
usb
computer
user
implemented method
Application number
PCT/IN2011/000358
Other languages
French (fr)
Inventor
Lakshmi THOZHUVANOOR VELLAT
Original Assignee
Thozhuvanoor Vellat Lakshmi

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Abstract

A secure tamper proof USB device to provide secure Internet / server access comprises an operating system (OS); a biometric / fingerprint unit to authenticate the user; an i-button for the unique ID of the device, used for the authentication of the device; an OLED for general message display; a USB tamper protection circuit; and a rechargeable battery to operate the tampering circuit. A computer-implemented method for establishing secure Internet / server access through the secure tamper proof USB device comprises the steps of: connecting the secure portable USB device to the PC; checking whether the user is authorized biometrically; under condition that the user is authorized, the currently running PC is rebooted from the Live OS present in the Secure USB device and permits the user to access the pre-configured websites clean from any kind of security threats; under condition that the user is not authorized, the currently running PC is not rebooted and asks for proper authorization; under condition that the user does any tampering to the said device, the tampering circuit is triggered and erases the complete data stored in the said device.

Description

FIELD OF THE INVENTION
The present invention relates generally to computer systems. More particularly, this invention relates to a secure tamper proof USB device intended for securely rebooting a computer from an operating system stored in a portable device and further provide a secure Internet Enterprise and /or private / public server Access along with a computer implemented method of its operation.
BACKGROUND ART
More recently, computers still execute a complex sequence of instructions after power-on to boot the computer and load its operating system. The initial instructions may reside in a read-only memory (ROM), along with Basic Input-Output System (BIOS) in the computer (PC). The operating system such as Windows / Linux may be loaded from the hard disk, and when booting is complete the OS can execute user programs. Various system checks such as hardware and/or software detection is performed during booting.
Mass storage devices such as hard disks are being replaced or supplemented with solid-state mass storage such as flash memories. Further, users are also experiencing mass storage file corruption and destruction because PCs have little or no security protection from unauthorized use and espionage. Even when PCs provide password protection, technical experts have become skilled at breaking or bypassing this limited security scheme. Because authorization security needs to be performed before the machine boots the operating system, it is difficult to add better security to the BIOS. One costly current alternative is to add custom circuitry which has its own specially coded microprocessor to the PC. However, without a low cost secure authorization technique provided by the PC manufacturer, the ordinary user is at tremendous peril to today's high-tech cyber thieves.
Many cases of sensitive information leakage have occurred by file sharing software such as P2P. Those cases have been caused by such reasons as an insufficient security guard of the personal computer (hereinafter, referred to as PC). For the purpose of preventing recurrence of such sensitive information leakage cases, corporations and public agencies adopt the measures below: A system administrator advances the security guard of a PC owned by each user by installing security software such as antivirus software and spyware monitoring software onto a PC and instructs each user to comply with security compliance requirements. For the purpose of forbidding the users from unauthorized access and data theft, the system administrator disables the USB slot at the BIOS level and limits access to the BIOS by using passwords.
Even with the above-described guard, the PC may be subjected to illegal access when a user forgets to update a definition file of the security software. In addition, the above-described guard requires the user to perform an additional task when the user is to bring out a file or a task of encrypting a file at each time when the user operates the file. That lowers usability for each user, and further degrades the work efficiency of the office work.
New generation personal computer (PC) card technologies have been developed that combine flash memory with architecture that is compatible with the Universal Serial Bus (USB) standard. This has further fueled the flash memory trend because the USB standard is easy to implement and is popular with PC users. In addition to replacing hard drives, flash memory is also replacing floppy disks because flash memory provides higher storage capacity and faster access speeds than floppy drives. The USB standard has several features that require additional processing resources. These features include fixed-frame times, transaction packets, and enumeration processes. For better optimization, these features have been implemented in application-specific integrated circuits (ASICs). In addition to the limitations introduced by the USB standard, there are inherent limitations with flash memory. First, flash memory sectors that have already been programmed must be erased before being reprogrammed. Also, flash memory sectors have a limited life span; i.e., they can be erased only a limited number of times before failure. Accordingly, flash memory access is slow due to the erase-before-write nature and ongoing erasing will damage the flash memory sectors over time.
As per the prior art, a PCT publication, WO2009154705 by Lockheed Martin, discloses inter-connectable personal computer architectures comprising secure, portable and persistent computing environments that provide secure computing sessions with persistence. The computing environments are implemented using a secure non-computing client device, such as a USB device, that interfaces with a host computer and, optionally, a trusted server. The secure non-computing client device is used to instantiate a secure BIOS and a secure cold or warm boot of the host computer, from the client device, in a host protected area of the host computer, or from the trusted server. The client device comprises a security device, such as a trusted platform module that encrypts and decrypts data transferred between the client apparatus and the host computer to provide a sealed computing environment on the host computer. The client device may implement keyboard logger attack prevention. The client device may also implement a high assurance guard to protect applications. The client device may also comprise security wrapper software that encapsulates malware processed by the host computer.
Another Chinese specification CN101398764 by JINGTIAN ELECTRONIC SHENZHEN C discloses a portable USB device that boots a computer as a server with security measure. Techniques for booting a host computer from a portable storage device with customized settings with secure measure are described herein. According to one embodiment, in response to detecting a portable storage device inserted into a first host computer, the portable storage device is authenticated using a private key stored within the portable storage device against a public key stored in a second host computer over a network. In response to a successful authentication, data representing a personal working environment associated with a user of the portable storage device is downloaded from the second host computer over the network. After reboot, the first host computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate the second host computer in view of the personal working environment. Other methods and apparatuses are also described.
Another US specification US2008244689 by DALTON CURTIS EVERETT discloses a portable and secure computer operating system, and applications that can be used securely on virtually any computer system regardless of its security state (i.e., regardless of the presence of computer viruses, Trojan code, keylogging software, or any other malicious mobile code that may exist on host computer system). The present invention is embodied within three components including the client desktop or server software, the appliance-based management server, and the media (i.e., including but not limited to USB thumb drive or CDROM) on which the client desktop or server software is installed.
Another US specification US2008172555 by ERINK TECHNOLOGIES discloses a bootable thin client personal initialization device. The invention provides a 'thin client', such as software loaded on a USB memory 'stick' or other bootable media, that boots a host machine without using the machine's hard-drive or software and without local applications running in the background. The USB thin client device's use and control of the host machine is safe to the host machine because it does not involve nor alter the hard-drive or software of the machine. The host machine acts like a 'dumb' terminal to permit the USB thin client to remotely access a remote server to for example run software and access data remotely for local presentation and interfacing via the host machine's display, keyboard, printer, etc. By using, for example, a broadband Internet connection there is no appreciable delay given today's connection speeds. The USB thin client typically includes a portion in the open and an encrypted portion only accessible after the user, for example, enters a security password. Upon recognition of the password by the USB thin client device, the device decrypts the encrypted portion of the stick, including personal information.
Yet another US specification US 2009132816 by LOCKHEED MARTIN discloses virtual, personal computers implemented on USB drive, cell phone platforms, or other small portable computing platform. Exemplary personal computers include a nanokernel or minikernel configured to boot when connected to a host computer. A memory is provided for storing the nanokernel or minikernel, along with encrypted data, secure keys and certificates, and one or more software applications. The nanokernel or minikernel is configured to allow selected stored software applications to run on the host computer and execute on the user data stored in the memory when the computing apparatus is connected to the host computer and booted. The nanokernel or minikernel is also configured to prevent any other application from executing on user data stored in the memory.
SUMMARY OF THE INVENTION
The Secure USB is a device which is used for the secure Internet Enterprise and /or public / private server Access. The herein disclosed system comprises of an operating system (OS), fingerprint unit to authenticate the user biometrically, ibutton chip for the unique ID of the device used for the authentication of the device, OLED for the general message display, USB, tamper protection circuit and a rechargeable battery to operate the tampering circuit.
Further, the present specification also discloses a method of operating the said device. When the tamper proof secure USB device is connected to the PC, the device checks whether the user is authorized by verifying the fingerprint. Under condition that the user is authorized, the currently running PC is rebooted from the Live OS present in the Secure USB device and permits the user to access the pre-configured websites clean from any kind of security threats. The device has protection against tampering. The device erases the complete data stored in the device in case of tampering.
Also described herein is a method for booting a personal computer (PC) from a secure portable USB with customized settings with security measures. As per the principal aspect of the present invention, in response to detection of a USB device inserted into a computer (PC), the portable storage device is authenticated biometrically and thereby a registration process is carried out which comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating multiple shares and configuring the permitted websites. Of the at least two generated shares, one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details. In response to a successful authentication, data representing a personal working environment associated with a user of the portable storage device is downloaded from the server / memory over the network. After reboot, the said personal computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate in view of the personal working environment.
Other features of the present invention will be apparent from the accompanying drawings and from the detailed description which follows.
OBJECTS OF THE INVENTION
Accordingly, the principal object of the present invention is to provide a portable secure USB device intended for securely rebooting a computer from an operating system stored in a portable device and further provide a secure Internet Enterprise and /or private / public server Access.
As per another object of the present invention, there is provided a portable secure USB device which is configured with a Biometric Authentication System, which gives authentic security.
As per another object of the present invention there is provided a portable secure USB device which is equipped with Drivers and SDK for all flavors of Windows and Linux so that the enterprise can decide which OS to use and customize it accordingly.
As per another object of the present invention there is provided a portable secure USB device comprising information recast in image domain; using a proprietary visual cryptographic algorithm, the contents are split into multiple shares, each transmitted through its own secure channel, so even if a channel is compromised the Hacker cannot recreate the Information.
As per another object of the present invention there is provided a portable secure USB device comprising a rechargeable battery which creates the possibility of Tamper Protection even when the device is not connected to the PC. Enough power is made available to complete a complete dog-wash of the system. This ensures forensic cleaning practices leaving no trace for any further reverse engineering.
As per yet another object of the present invention there is provided a portable secure USB device which provides a rewritable space which will be erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
As per an embodiment of the invention, only in the presence of the Secure USB Bootable device is the web server site revealed and accessed.
As per another embodiment of the present invention, the secure USB device gets authenticated on the Enterprise/Web Server of the Secure USB device, which uses a combination of numbers and alphabets cast into image domain, holding partial image details on the Secure USB device and the rest on the Enterprise/Web Server, and is then configured for Single-sign-on using a proprietary logical image cryptographic based solution.
As per another embodiment of the present invention, a tamper proof circuit with tactile switches and software daemons is incorporated for forensically erasing the key-share.
As per exemplary embodiment of the present invention, forward thinking security measures are implemented in the Secure USB bootable device.
As per another exemplary embodiment of the present invention, booting with the secure USB bootable device ensures no key logger software either in terms of software or through any other serial / USB port of the computer terminal is possible as the OS on the secure USB will shut down all the other ports on the computer system.
As per yet another exemplary embodiment of the present invention, to prevent auto machine initiation of the Enterprise/Web Server additional security layer of CAPTCHA is implemented to ensure physical portion of client on the terminal of access.
As per another embodiment of the present invention, there is provided a secure USB bootable device with a Docking Station with a Processor/FPGA; the communication channel between the Secure USB bootable device and the Docking Station uses custom encryption, thereby ensuring that USB protocol analyzers, even when inserted between the Secure USB bootable device and the Docking Station, will not be able to analyze the communication protocols.
As per another embodiment of the present invention, a secure USB bootable device is provided with a QWERTY keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
As per another object of the present invention there is provided a portable secure USB device which comprises of a "Globally Guaranteed Hardware based unique ID", for each product.
As per another object of the present invention there is provided a portable secure USB device which comprises of hardware based tactile switches, triggered, tamper mechanism. The said switches are always active due to the provided rechargeable battery.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings in which like references indicate similar elements.
FIG. 1A is a block diagram illustrating the secure USB system in accordance with the present invention;
FIG. 1B is a diagram illustrating a secure USB system in accordance with the present invention;
FIG. 2 is a diagram illustrating the schematic of the controller in accordance with the present invention;
FIG. 3 is a diagram illustrating the system's operational requirements in terms of a use case model consisting of use cases and use case paths in accordance with the present invention;
FIG. 4 is a diagram illustrating administrator use case diagram in accordance with the present invention;
FIG. 5 is a diagram illustrating user use case diagram in accordance with the present invention;
FIG. 6 is a diagram illustrating hacker use case diagram in accordance with the present invention.
DETAILED DESCRIPTION
Secure USB Bootable Device:
The disclosed secure USB device is used for the secure Internet Enterprise Access. The system is mainly intended for the Government/Enterprise Market. The system comprises an operating system (OS), fingerprint unit to authenticate the user, i-button for the unique ID of the device used for the authentication of the device, OLED for the general message display, USB, tamper protection circuit and a rechargeable battery to operate the tampering circuit. In the field of offering security to any system it is customary to provide a password based system. The password based authentication system can be easily compromised, especially with a compromised PC having hardware based key loggers. Whereas the herein said device further comprises a Biometric Authentication System which provides authentic security.
One time registration:
For the purpose of using the secure USB device, firstly the device has to be registered. The registration process comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating the shares and configuring the permitted websites. Of the two generated shares, one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details.
Functionality of the device:
As soon as the system is connected to the PC, the device checks if the user is authorized by verifying the fingerprint. If the user is authorized, the currently running PC will reboot from the Live OS present in the Secure USB device and permits the user to access the pre-configured websites clean from any kind of security threats. The said device is configured with drivers and SDK for all flavors of Windows and Linux so that the enterprise can decide which OS to use and customize it accordingly. In addition the said device has protection against tampering. The device erases the complete data stored in the device in case of tampering. As shown in Fig 1, the disclosed device comprises a low power processor which is interfaced to display, i-button, fingerprint, battery, tamper circuit and USB and flash.
Controller:
As shown in Fig 2, the controller is an ARM Cortex-M0 based processor running at frequencies of up to 50 MHz. The Cortex-M0 processor is built on a highly area and power optimized 32-bit processor core, with a 3-stage pipeline von Neumann architecture. The peripheral complement of the LPC111x/LPC11C1x includes up to 32 KB of flash memory, up to 8 KB of data memory, one C_CAN controller (LPC11C12/14), one Fast-mode Plus I2C-bus interface, one RS-485/EIA-485 UART, up to two SPI interfaces with SSP features, four general purpose timers, a 10-bit ADC, and up to 42 general purpose I/O pins.
This module is low power processor which is interfaced to display, i-button, fingerprint, battery, tamper circuit and USB and flash.
The display is 96x16 OLED display which is connected to the controller through the I2C interface. The controller transmits the messages to be displayed to the OLED display.
The ibutton is used for the unique identification number of the device. The one-wire communication is used between the controller and the ibutton.
The controller is interfaced with the fingerprint module using the UART. The user of the USB device has to be authorized before using the device by his fingerprint verification.
Protection against the physical tampering of the device is provided by connecting the switches to the controller. When anyone tries to open the device, the switch opens and the controller, powered by an internal rechargeable battery, erases all the internal data present in the device. The device takes power from the host system. A rechargeable battery is provided for the functioning of the tampering circuit when the device is not connected to the host system. The provision of rechargeable battery creates the possibility of tamper protection even when the device is not connected to the PC and enough power will be available to complete a complete Dog Wash of the system. This ensures forensic cleaning practices leaving no trace for any further reverse engineering.
Universal Serial Bus (USB) is used as a communication channel between the host system and the Secure USB device.
Flash memory is used to store the operating system.
Display:
The display module is an OLED monochrome 96x16 dot matrix display. The characteristics of this module are high brightness, low power consumption, self-emission, high contrast ratio, slim/thin outline, wide viewing angle and wide temperature range.
Features:
• Display color : Blue
• Dot Matrix : 96x16
• Driver IC : SSD1307Z.
• Interface : I2C
• Operating Temperature : -40°C
System Definition
The secure portable USB device as disclosed herein is configured for secure access to the preconfigured websites by the authorized user who is mobile. Only in the presence of the Secure USB Bootable device is the web server site revealed and accessed. In the absence of the Secure USB bootable device the user always lands on another web server address wherein the critical component for enterprise view/transaction is absent.
The system has the following functional requirements:
• Secure access to the websites.
• Universal Interface and mobility of the equipment.
• Non-interference of the host environment.
• Authentication and Authorization of the device to the user.
• Self-Destruction in insecure usage.
• A Customised environment for programming at Admin end.
• Has to be hermetically sealed.
Primary System Usage
The Device is primarily used by the end user to securely access the permitted websites. The following scenario explains it:
User authenticates the device with his finger after inserting the device into any available PC. If the PC is already in an OS environment it can be rebooted. After reboot the USB Device will act as a bootable Optical ROM Drive to the PC and the PC boots to the Live OS stored on the device to provide the user with safe browsing environment clean from any kind of security threats.
When the Secure USB device gets authenticated, Single-sign-on is enabled using a proprietary logical image cryptographic based solution. The sign-on doesn't need any third party collaboration as done in PKI technology (Public Key Infrastructure). The client controls all his keys from the Secure USB device. The Intelligent Authentication mechanism on the Enterprise/Web Server of the Secure USB device uses a combination of numbers and alphabets cast into image domain, holding partial image details on the Secure USB device and the rest on the Enterprise/Web Server. Authentication strength relies on three facts: a code-tested authentication protocol, such as the Transport Layer Security (TLS) protocol; secure private-key storage; and the computational difficulty of calculating the private key. The last two are handled by the logical Image Cryptographic Algorithms implemented on servers.
Secure USB Context
The following scenarios explain the functionality of the system:
One Time device registration:
Administrator using the Administration Software registers the user's fingerprints (10 fingers at 2 samples each) on to the device.
At the time of registration the Administration Software has provision to read the unique ID of the device and store in database on the server for real time verification whenever the Device with Unique ID matches.
The Administrator loads the Bootable Live OS ISO to the USB Device using the Administration Software. With the use of the Secure USB bootable device SaaS in Cloud Computing can be authenticated for secure storage update and access specific to the user of the Secure USB device.
Usage of the device for secure access to the permitted websites:
User authenticates the device with his finger after inserting the device into any available PC. If the PC is already in an OS environment it can be rebooted. After reboot the USB Device will act as a bootable Optical ROM Drive to the PC and the PC boots to the Live OS stored on the device to provide the user with safe browsing environment clean from any kind of security threats.
USB Device also provides an authentication Interface to the OS which can be used by the websites to authenticate the user during transactions.
USB Device provides a display interface to the OS which can be used by the websites to display any information.
Tampering of the device:
If the Fingerprint authentication fails for a preconfigured number of times, the USB Device internally erases the complete data stored in the device.
The device is configured for detecting any kind of physical tampering, and on detection all the data stored in the said USB device is erased.
The disclosed device is incorporated with a tamper proof circuit with tactile switches and software daemons for forensically erasing the key-share. The other programs (OS and Server access details) are provided on the Secure USB device. Dog-wash methods of erasure have been implemented on the said device. Forward thinking security measures have been implemented in the Secure USB bootable device. The tamper proof design takes care of attacks in the categories of a) Mechanical (invasive attacks), b) Electrical (invasive attacks) and c) Software (non-invasive attacks).
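The two erase triggers described above (a preconfigured number of failed fingerprint attempts, and an opened tamper switch) can be modelled as a small state machine. This is an added example, not code from the patent: the type and function names are hypothetical, the limit of 3 failures is an assumed value, and the key-share is held in RAM here where real firmware would erase flash sectors and keep the failure counter in non-volatile memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHARE_LEN 8
#define MAX_FP_FAILURES 3 /* assumption: the text only says "preconfigured" */

typedef enum { DEV_LOCKED, DEV_AUTHORIZED, DEV_WIPED } dev_state_t;
typedef enum { EV_FP_MATCH, EV_FP_MISMATCH, EV_TAMPER_SWITCH_OPEN, EV_UNPLUG } dev_event_t;

typedef struct {
    dev_state_t state;
    unsigned fp_failures;          /* must survive unplug/replug */
    uint8_t key_share[SHARE_LEN];  /* the device-side share */
} device_t;

/* Volatile writes so the compiler cannot drop the erase as a dead store. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

void device_init(device_t *d, const uint8_t share[SHARE_LEN])
{
    d->state = DEV_LOCKED;
    d->fp_failures = 0;
    memcpy(d->key_share, share, SHARE_LEN);
}

int share_is_erased(const device_t *d)
{
    uint8_t any = 0;
    for (size_t i = 0; i < SHARE_LEN; i++)
        any |= d->key_share[i];
    return any == 0;
}

static void wipe_device(device_t *d)
{
    secure_wipe(d->key_share, SHARE_LEN);
    d->state = DEV_WIPED;
}

dev_state_t device_handle(device_t *d, dev_event_t ev)
{
    if (d->state == DEV_WIPED)
        return DEV_WIPED;               /* terminal: needs re-registration */

    switch (ev) {
    case EV_TAMPER_SWITCH_OPEN:         /* battery-backed, so valid in any state */
        wipe_device(d);
        break;
    case EV_FP_MISMATCH:
        d->state = DEV_LOCKED;
        if (++d->fp_failures >= MAX_FP_FAILURES)
            wipe_device(d);
        break;
    case EV_FP_MATCH:
        d->fp_failures = 0;
        d->state = DEV_AUTHORIZED;
        break;
    case EV_UNPLUG:
        d->state = DEV_LOCKED;          /* the failure counter is NOT reset here */
        break;
    }
    return d->state;
}

int main(void)
{
    const uint8_t share[SHARE_LEN] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    device_t d;
    device_init(&d, share);
    device_handle(&d, EV_FP_MISMATCH);
    device_handle(&d, EV_FP_MISMATCH);
    device_handle(&d, EV_UNPLUG);
    printf("state after third failure: %d, share erased: %d\n",
           (int)device_handle(&d, EV_FP_MISMATCH), share_is_erased(&d));
    return 0;
}
```

Keeping the counter across EV_UNPLUG is the design point: if replugging reset it, the failure limit would never be reached.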
The various threat models are taken into care and the appropriate security envelopes for the product have been designed.
Booting with the secure USB bootable device ensures no key logger software either in terms of software or through any other serial / USB port of the computer terminal is possible as the OS on the secure USB will shut down all the other ports on the computer system. This ensures complete assurance of not running any stealthy keystroke logger on the computer terminal when booted with the proposed Secure USB bootable device. When the disclosed secure portable bootable USB device is plugged in to a computer and /or other systems as described in the later portion, the device draws power through the USB port to activate the said device. In response to detection of a USB device inserted into a computer (PC), the portable storage device is authenticated biometrically and thereby a registration process is carried out which comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating the shares and configuring the permitted websites. The device shuts down the OS on the PC before loading the OS from the USB device. There is provided a read only OS in the USB device. Herein the boot sequence from CD-ROMs should be programmed in the PC and root permissions are required for the reboot.
Upon booting from said device, it gets connected to the web server URL/IP address to the re-programmed web address on the Device A by the Enterprise who distributes the Device to the client. Only when the device A is authenticated by the server, using the two shares on the device and server, combining them using logical cryptography and verifying the combined value with the i-button unique ID on the device, are the URL doors for connectivity between the device and server made. This ensures the device A is genuine and connected to the server.
The connectivity between the user USB device and the server (web) with URL is a VPN and all the s/w, cookies etc. required for connectivity to the server (web) are available on the said device. The specific web URL address is visible on the web only with the users having valued devices. The login onto the server is further activated by PIN and password and also CAPTCHA. Further all transactions between the server (web) and clients with Device A are secure and safe and private to the client and no contact from the server gets written onto the USB device flash as it is only a read only device.
Among the generation of the shares during the process of authorization and authentication of the said USB device, one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details. In response to a successful authentication, data representing a personal working environment associated with a user of the portable storage device is downloaded from the server / memory over the network. After reboot, the said personal computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate in view of the personal working environment.
Human Actors
The said secure USB device interacts, either directly or indirectly, with the following significant human actors. Herein Fig. 3 illustrates the system operational overview, which presents the system's operational requirements as a use case model consisting of use cases and use case paths.
• Administrator.
• User.
• Hacker.
External Data Repositories
The said secure USB device interacts, either directly or indirectly, with the following significant external data repositories:
• Server database
External Hardware
The said secure USB device interacts, either directly or indirectly, with the following significant external hardware: Any PC/Laptop which is configured to boot up from the CDROM present in the USB.
External Networks
The said secure USB device interacts, either directly or indirectly, with the following significant external networks:
• VPN of the permitted websites.
External Software
The said secure USB device interacts, either directly or indirectly, with the following significant external software:
• Secure USB Administration Software
• Secure USB Authentication and Display Drivers
As per one of the embodiments of the present invention, in the online device authentication on the server, the whole server-client transaction is by VPN using the combination of key-parts from the server and the client. This obviates the need for passwords and other authentication methods. The competitor, Lockheed, needs a password on the host PC and a keyboard for creating a secure tunnel.
Further, to prevent auto machine initiation of the Enterprise/Web Server, an additional security layer of CAPTCHA is implemented to ensure physical portion of client on the terminal of access. The whole ecosystem of Enterprise/Web Server and VPN tunnel between the Enterprise/Web Server and the Secure USB bootable device is configured, designed and fabricated, including the Proprietary Single sign on with logical image security, to meet the desired objectives.
External Actors
This subsection describes and specifies external actors (human actors, teams, and organizations), the associated externals, and all use cases primarily driven by these externals.
Administrator
The subsection specifies the operational requirements primarily concerning Administrator as shown in Fig 4 (administrator use case diagram).
Definition:
The administrator, using the administration software, makes a record of the details of the user and the fingerprints (10 fingers at 2 samples each), which are transmitted to the AAG. The administrator software reads the device's unique identity number and stores the unique ID value in the server database for later matching. The administrator also configures the websites to be permitted while using the device, stores them into the device, and loads the Bootable Live OS ISO to the USB device using the Administration Software.
Responsibilities of the Administrator:
• The administrator has to verify the account details and identification details of the user.
• Provide the valid permitted websites.
Capabilities of Administrator:
• Should have knowledge of the computer.
User
The subsection specifies the operational requirements primarily concerning user as shown in Fig 5 (user use case diagram).
Definition:
When the user connects the device to a PC/laptop, the device verifies the fingerprint of the user against the enrolled fingerprints. If the fingerprint matches, the running PC/laptop shuts down and reboots with the OS present on the USB device, and provides the user a secure browsing environment with the pre-configured websites.
Responsibilities of the User:
• Provide the fingerprint whenever requested.
Capabilities of the User:
• Should have knowledge of the computer.
Hacker
The subsection specifies the operational requirements primarily concerning the hacker as shown in Fig 6 (hacker use case diagram).
Definition:
The device can be tampered with in two ways: through the fingerprint or through physical tampering.
• If the fingerprint authentication fails for the preconfigured number of times, the complete data stored in the device will be erased.
• To protect the device from physical tampering, four switches are placed at the four corners of the device. When any hacker tries to open the device, the switch opens and the complete data on the device will be erased.
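The following sketch is an added example, not code from the patent. It models the two-share device authentication described earlier together with the two erase triggers listed above, and shows why wiping the device's key-share alone is enough to make the device useless to the server. The XOR split (standing in for the unspecified "logical cryptography"), the `account` lookup key, the three-attempt limit, and all class and function names are assumptions.

```python
from __future__ import annotations

import hmac
import secrets

MAX_FINGERPRINT_FAILURES = 3  # assumed; the patent only says "preconfigured number of times"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("shares must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_unique_id(unique_id: bytes) -> tuple[bytes, bytes]:
    """2-of-2 split: the device share is random, so either share alone reveals nothing."""
    device_share = secrets.token_bytes(len(unique_id))
    return device_share, xor_bytes(unique_id, device_share)


class Gateway:
    """Stands in for the Authentication and Authorization Gateway (AAG)."""

    def __init__(self) -> None:
        self._records: dict[str, tuple[bytes, bytes]] = {}

    def register(self, account: str, unique_id: bytes, server_share: bytes) -> None:
        self._records[account] = (unique_id, server_share)

    def authenticate(self, account: str, device_share: bytes) -> bool:
        record = self._records.get(account)
        if record is None:
            return False
        unique_id, server_share = record
        if len(device_share) != len(server_share):
            return False
        # Combine both shares and compare with the enrolled ID in constant time.
        return hmac.compare_digest(xor_bytes(device_share, server_share), unique_id)


class SecureUsbDevice:
    def __init__(self, account: str, device_share: bytes) -> None:
        self.account = account
        self._share = bytearray(device_share)
        self.failures = 0
        self.erased = False

    def _erase(self) -> None:
        for i in range(len(self._share)):  # overwrite in place, then latch the state
            self._share[i] = 0
        self.erased = True

    def fingerprint_attempt(self, matched: bool) -> bool:
        if self.erased:
            return False
        if matched:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FINGERPRINT_FAILURES:
            self._erase()
        return False

    def poll_tamper_switches(self, closed: tuple[bool, bool, bool, bool]) -> None:
        if not all(closed):  # any one of the four corner switches opening triggers erase
            self._erase()

    def share_for_server(self) -> bytes:
        return bytes(self._share)


def enroll(gateway: Gateway, account: str, unique_id: bytes) -> SecureUsbDevice:
    device_share, server_share = split_unique_id(unique_id)
    gateway.register(account, unique_id, server_share)
    return SecureUsbDevice(account, device_share)


def login(gateway: Gateway, device: SecureUsbDevice, fingerprint_matched: bool) -> bool:
    if not device.fingerprint_attempt(fingerprint_matched):
        return False
    return gateway.authenticate(device.account, device.share_for_server())


if __name__ == "__main__":
    gw = Gateway()
    uid = bytes.fromhex("0123456789abcdef")  # constructed 8-byte device ID
    dev = enroll(gw, "alice", uid)
    print("genuine device:", login(gw, dev, True))
    dev.poll_tamper_switches((True, True, False, True))  # one corner switch opens
    print("after tamper  :", login(gw, dev, True))
```

The design depends on the server share and the enrolled ID staying confidential on the gateway: the device share is the only device-side secret, so erasing it leaves nothing on the device that can be combined into the enrolled value.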
As per one embodiment of the present invention, the Secure USB bootable device is provided with a Docking Station with a Processor/FPGA, and the communication channel between the Secure USB bootable device and the Docking Station uses custom encryption, thereby ensuring that USB protocol analyzers, even when inserted between the Secure USB bootable device and the Docking Station, will not be able to analyze the communication protocols. This device definition will ensure the highest level of security. The docking station may be a thin-Client with Zero Application Docking Station with 10" LCD Touch Screen (XGA) with 100/1Gbps Ethernet Connectivity for Internet/Intranet Server Access, bootable with the Secure USB Bootable device, with the objective of providing alternate secure terminals at static locations networked for secure access of the servers.
As per another embodiment of the present invention, the secure USB bootable device is provided with a QWERTY keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
As per another embodiment of the present invention, the device is configured with logical cryptography. The resident information is recast in the image domain and, using a proprietary visual cryptographic algorithm, the contents are split into multiple shares, each transmitted through its own secure channel, so even if a channel is compromised the Hacker will not recreate the Information. A Docking Station with a Microcontroller/FPGA Processor (for robustness and a high degree of security) and features like USB Ports, Ethernet Port, Graphics Display, Soft/Virtual Keyboard (invoked from the USB Device when inserted), and Fingerprint Scanner built-in with verification on the USB Device will be designed and implemented. When the Secure USB Bootable device is used with the docking station, the docking station authenticates the USB device, and all the communications between the Secure USB Bootable device and the Docking Station are encrypted. This ensures complete confidentiality and prevents analysis of the traffic even when a USB Analyzer is inserted between the Docking Station and the Secure Bootable USB device. A secure VPN tunnel between the Enterprise Server and the Docking Station with the USB Bootable device gets established. Multiple Enterprises can share the same docking station for the Secure Transactions.
As per yet another exemplary embodiment of the present invention, there is provided a rewritable space within the said device which will be erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
Another embodiment of the present invention provides a Globally Guaranteed Hardware based Unique ID across all versions of the said product.
One of the embodiments of the said Secure USB device will have a Virtual Keyboard software application and a Bluetooth connection to connect to Smart GSM Phones. Upon connection, the Virtual Keyboard application from the Secure USB device will run on the smart phone for the purpose of any keying of data for access to the Enterprise server. The Secure USB device will be self-powered by battery/AC adapter. Virtual keyboards guarantee no keystroke recordings even if a key-logger is active on the Smart phone. No booting of OS is envisaged in this embodiment. This new embodiment will ensure a large user base, especially GSM based users with Smart phone appliances, to get into secure Mobile payments and enterprise server transactions.
Also, the said device (same base device with variants or not) can connect to any device (PC, laptop, mobile, docking station etc.) and is therefore device independent (unlike Lockheed or other products). This could be a big advantage for users who use both PC and mobile or docking station (this is the majority of users anyway). Also, it could be connectivity independent (USB, Bluetooth, GSM modem or WiFi). In addition, in one application the said device can be used in banks, appended to the Bank's cheque dispenser unit, with an instant cheque drop receipt authenticated with Bank details, date and time stamp.
In any embodiment, skilled artisans will appreciate that enterprises can modify the design of the hardware of the USB Bootable device with the undermentioned features/interfaces/protocols for enabling secure enterprise server access through GPRS/WAP connectivity of GSM Smart Phones, such as inclusion of a Bluetooth Interface for Smart-GSM Phone connectivity, a WiFi Connectivity circuit on the USB Device for Smart-Phone GSM Connectivity/WiFi Router connected to Internet, a Soft-Keyboard application launched from the USB Device onto the mobile platform for all key-board interaction on the Smart-phone for server access and transactions, and Self-powered operation (battery/main power supply with DC conversion) on the USB device for sustained interaction with the smart-phone.
Critical Points:
1. The herein disclosed USB storage device is rendered relatively useless without the proper authentication and security precautions in place.
2. It is a "Secure Enterprise Server Access with self bootable OS" in it.
3. It has all the required info and software to access the web server with no additional cookies from the server.
4. It has shrunk a computer onto a portable private & Secure USB based bootable device.
5. Circumvents Key-Loggers and phishing attacks
6. The device can also be used to run secure portable applications directly from the device.
7. The variant of the secure USB with provision for storage is built with hardware based encryption which cannot be disabled by malware or an intruder.
8. On the Secure USB with storage version, the encryption chip is based on an FPGA, and a provision is made for the Government/Enterprise to implement a customized and indigenously developed encryption algorithm and associated key management.
9. The Populated PCB is conformal coated with epoxy-based potting compound preventing circuit exposure with component details.
10. Secure USB with storage option can store documents, music, photos, e-mails up to 4GB.
11. Only high quality flash memories are used.
Naturally, many more examples can be imagined by the artisan of ordinary skill in the art and a near endless variety of examples can occur. Also, any of the foregoing embodiments contemplate that the operating system and applications could be any of many individual domains in a virtual computing environment. That is, the operating system shown could be a host or guest operating system, (e.g., Linux, Windows, Netware, Unix, etc.), each with its own applications, file systems, etc. Although the foregoing description of the present invention has been shown and described with reference to particular embodiments and applications thereof, it has been presented for purposes of illustration and description and is not intended to be exhaustive or to limit the invention to the particular embodiments and applications disclosed. It will be apparent to those having ordinary skill in the art that a number of changes, modifications, variations, or alterations to the invention as described herein may be made, none of which depart from the spirit or scope of the present invention. The particular embodiments and applications were chosen and described to provide the best illustration of the principles of the invention and its practical application to thereby enable one of ordinary skill in the art to utilize the invention in various embodiments and with various modifications as are suited to the particular use contemplated. All such changes, modifications, variations, and alterations should therefore be seen as being within the scope of the present invention as determined by the appended claims when interpreted in accordance with the breadth to which they are fairly, legally, and equitably entitled.

Claims

WHAT IS CLAIMED IS:
1. The secure tamper proof USB device to provide a secure Internet / server access comprises of :
An operating system (OS), biometric / fingerprint unit to authenticate the user, i-button for the unique ID of the device used for the authentication of the device, OLED for the general message display, USB tamper protection circuit and a rechargeable battery to operate the tampering circuit.
2. The secure tamper proof USB as claimed in claim 1, wherein the portable secure USB device is configured for securely rebooting a computer from the operating system stored in a portable device and provides a secure Internet Enterprise and /or private / public server Access.
3. The secure tamper proof USB as claimed in claim 1, wherein the said device is configured with a Biometric Authentication System which gives an authentic security.
4. The secure tamper proof USB as claimed in claim 1, wherein the said device is equipped with Drivers and SDK for all flavors of Windows and Linux so that the user can decide which OS to use and customize it accordingly.
5. The secure tamper proof USB as claimed in claim 1, wherein the device further comprises of information recasted in image domain and using visual cryptographic algorithm.
6. The secure tamper proof USB as claimed in claim 1 , wherein the contents of the said device are split into multiple shares and each share is transmitted through its own secure channel, so even if a channel is compromised the Hacker cannot recreate the Information.
7. The secure tamper proof USB as claimed in claim 1, wherein the rechargeable battery draws power from the USB and creates the possibility of Tamper Protection even when the device is not connected to the PC.
8. The secure tamper proof USB as claimed in claim 1, wherein enough power is made available to the said device through the battery to complete a complete Dog Wash of the system and ensures forensic cleaning practices leaving no trace for any further reverse engineering.
9. The secure tamper proof USB as claimed in claim 1, wherein the said device is provided with a rewritable space which is erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
10. The secure tamper proof USB as claimed in claim 1, wherein after the authentication, in the presence of the Secure USB Bootable device the web server site gets revealed and gets access.
11. The secure tamper proof USB as claimed in claim 1 , wherein the said device gets authenticated on the Enterprise/Web Server of the Secure USB device and uses a combination of numbers and alphabets cast into image domain and holding partial image details on Secure USB device and rest on the Enterprise/Web Server and then configured for Single-sign-on using logical image cryptographic based solution.
12. The secure tamper proof USB as claimed in claim 1, wherein the tamper proof circuit comprises with tactile switches and software daemons for forensically erasing the key-share.
13. The secure tamper proof USB as claimed in claim 1, wherein the hardware based tactile switches comprise triggered tamper mechanism and are always active due to the provided rechargeable battery.
14. The secure tamper proof USB as claimed in claim 1, wherein the said device further comprises with forward thinking security measures and are implemented in the Secure USB bootable device.
15. The secure tamper proof USB as claimed in claim 1, wherein the booting with the secure USB bootable device ensure no key logger software either in terms of software or through any other serial / USB port of the computer terminal and the OS on the secure USB shuts down all the other ports on the computer system.
16. The secure tamper proof USB as claimed in claim 1, wherein the said device is configured to prevent auto machine initiation of the Enterprise/Web Server additional security layer of CAPTCHA is implemented to ensure physical portion of client on the terminal of access.
17. The secure tamper proof USB as claimed in claim 1, wherein the said device is provided with a Docking Station with a Processor/FPGA and the communication channel between the Secure USB bootable device and Docking Station is done using custom encryption, thereby ensuring the USB protocol analyzers even when inserted between the Secure USB bootable device and the Docking Station is unable to analyze the communication protocols.
18. The secure tamper proof USB as claimed in claim 1, wherein the said device is provided with a keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
19. The secure tamper proof USB as claimed in claim 1, wherein the said device is provided with a Globally Guaranteed Hardware based unique ID.
20. The secure tamper proof USB as claimed in claim 1, wherein the said device is configured for large user base especially the GSM based users with Smart phones appliances to get into secure Mobile payments and enterprise server transactions.
21. A computer-implemented method for establishing a secure Internet / server access through secure tamper proof USB device comprising the steps of:
connecting the secure portable USB device to the PC;
checking for whether the user is authorized biometrically;
under condition that the user is authorized, the currently running PC gets reboot from the Live OS present in the Secure USB device and permits the user to access the pre-configured websites clean from any kind of security threats;
under condition that the user is not authorized, the currently running PC does not gets reboot and ask for proper authorization;
under condition that the user does any tampering to the said device, the tampering circuit gets triggered and it erases the complete data stored in the said device.
22. A computer-implemented method as claimed in claim 21, wherein the step of authorizing further comprising the step of :
authenticating the user biometrically with respect to the portable storage device; registering the authenticated user which comprises of the enrolling of the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating multiple shares and configuring the permitted websites.
23. A computer-implemented method as claimed in claim 22, wherein at least two shares are generated, for which one share is written to the device and one share is transmitted to the Authentication and Authorization Gateway along with the other registration details.
24. A computer-implemented method as claimed in claim 22, wherein under response to a successful authentication, data representing a personal working environment associated with the user of the portable storage device is downloaded from the server / memory over the network.
25. A computer-implemented method as claimed in claim 21, wherein after reboot, the said personal computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate in view of the personal working environment.
26. A computer-implemented method as claimed in claim 21, wherein the portable secure USB device is configured for securely rebooting a computer from the operating system stored in a portable device and provides a secure Internet Enterprise and /or private / public server Access.
27. A computer-implemented method as claimed in claim 21, wherein the said device is configured with a Biometric Authentication System preferable any finger from the group of ten fingers which gives an authentic security.
28. A computer-implemented method as claimed in claim 21, wherein the said method is equipped with handling the Drivers and SDK for all flavors of Windows and Linux so that the enterprise can decide which OS to use and customize it accordingly.
29. A computer-implemented method as claimed in claim 21, wherein the said device further comprises of information recasted in image domain and using visual cryptographic algorithm.
30. A computer-implemented method as claimed in claim 21, wherein the contents of the said device are split into multiple shares and each is transmitted through its own secure channel, so even if a channel is compromised the Hacker cannot have any access to the Information.
31. A computer-implemented method as claimed in claim 21, wherein the tamper proof circuit is powered by a rechargeable battery which draws power from the USB and creates the possibility of tamper protection even when the device is not connected to the PC.
32. A computer-implemented method as claimed in claim 31, wherein enough power is made available to the said device through the battery to complete a complete Dog Wash of the system and ensures forensic cleaning practices leaving no trace for any further reverse engineering.
33. A computer-implemented method as claimed in claim 21, wherein the said method is configured for handling a rewritable space which is erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
34. A computer-implemented method as claimed in claim 21, wherein after the authentication, in the presence of the Secure USB Bootable device the web server site gets revealed and gets access.
35. A computer-implemented method as claimed in claim 21, wherein said method is configured for getting the said device authenticated for the Enterprise/Web Server of the Secure USB device and uses a combination of numbers and alphabets cast into image domain and holding partial image details on Secure USB device and rest on the Enterprise/Web Server and then configured for Single-sign-on using logical image cryptographic based solution.
36. A computer-implemented method as claimed in claim 31, wherein the tamper proof circuit further comprises with tactile switches and software daemons for forensically erasing the key-share.
37. A computer-implemented method as claimed in claim 31, wherein the hardware based tactile switches comprise triggered tamper mechanism and are always active due to the provided rechargeable battery.
38. The secure tamper proof USB as claimed in claim 1, wherein the said method is configured for forward thinking security measures and are implemented in the Secure USB bootable device.
39. A computer-implemented method as claimed in claim 21, wherein the booting with the secure USB bootable device ensure no key logger software either in terms of software or through any other serial / USB port of the computer terminal and the OS on the secure USB shuts down all the other ports on the computer system.
40. A computer-implemented method as claimed in claim 21, wherein the said method is configured to prevent auto machine initiation of the Enterprise/Web Server additional security layer of CAPTCHA is implemented to ensure physical portion of client on the terminal of access.
41. A computer-implemented method as claimed in claim 21, wherein the said method is configured for a Docking Station with a Processor/FPGA and the communication channel between the Secure USB bootable device and Docking Station is done using custom encryption, thereby ensuring the USB protocol analyzers even when inserted between the Secure USB bootable device and the Docking Station is unable to analyze the communication protocols.
42. A computer-implemented method as claimed in claim 21, wherein the said method is configured for a keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
43. A computer-implemented method as claimed in claim 21, wherein the said method is configured for a Globally Guaranteed Hardware based unique ID.
44. A computer-implemented method as claimed in claim 21, wherein the said method is configured for large user base especially the GSM based users with Smart phones appliances to get into secure Mobile payments and enterprise server transactions.
45. A computer-implemented method as claimed in claim 21, wherein the said method is configured for Bluetooth Interface for Smart-GSM Phone connectivity, WiFi Connectivity circuit on the USB Device for Smart-Phone GSM Connectivity / WiFi Router connected to Internet, Soft-Keyboard application launched from the USB Device onto the mobile platform for all key-board interaction on the Smart-phone for server access and transactions, and Self-powered (battery/main power supply with DC conversion) onto the USB device for sustained interaction with the smart-phone.
PCT/IN2011/000358 2011-02-17 2011-05-24 Secure tamper proof usb device and the computer implemented method of its operation WO2012111018A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN455CH2011 2011-02-17
IN455/CHE/2011 2011-02-17

Publications (1)

Publication Number Publication Date
WO2012111018A1 true WO2012111018A1 (en) 2012-08-23

Family

ID=44583605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2011/000358 WO2012111018A1 (en) 2011-02-17 2011-05-24 Secure tamper proof usb device and the computer implemented method of its operation

Country Status (1)

Country Link
WO (1) WO2012111018A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750033A1 (en) * 2012-12-27 2014-07-02 Telefonica S.A. Portable modem communication device and Method to provide connectivity capabilities to a computing device
US8876005B2 (en) 2012-09-28 2014-11-04 Symbol Technologies, Inc. Arrangement for and method of managing a soft keyboard on a mobile terminal connected with a handheld electro-optical reader via a bluetooth® paired connection
US9009359B2 (en) 2013-03-29 2015-04-14 International Business Machines Corporation Emulating multiple universal serial bus (USB) keys so as to efficiently configure different types of hardware
US9245131B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
CN106127016A (en) * 2016-07-18 2016-11-16 浪潮集团有限公司 A kind of operating system user logs in system and the implementation method of authentic authentication
CN106874232A (en) * 2015-12-14 2017-06-20 中兴通讯股份有限公司 The charging method of general-purpose serial bus USB, device and terminal
US9720852B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
EP3164773A4 (en) * 2015-03-31 2017-08-23 SZ DJI Technology Co., Ltd. Systems and methods for monitoring flight
EP3451215B1 (en) 2017-08-28 2019-12-18 Siemens Aktiengesellschaft Hardware device and method for operating and producing a hardware device
CN111131201A (en) * 2019-12-12 2020-05-08 国网电子商务有限公司 Multi-user sharing method and device for lattice intelligent writing data
CN111125795A (en) * 2018-10-30 2020-05-08 意法半导体股份有限公司 Tamper-resistant device for integrated circuit cards
CN111597520A (en) * 2020-05-18 2020-08-28 贵州电网有限责任公司 Computer USB interface information security prevention and control method and system
US10867047B2 (en) 2015-03-11 2020-12-15 Hewlett-Packard Development Company, L.P. Booting user devices to custom operating system (OS) images
CN116383902A (en) * 2023-02-28 2023-07-04 国网浙江省电力有限公司常山县供电公司 Secret-related USB interface authorized connection equipment and authorized connection method thereof

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0417447A2 (en) * 1989-09-12 1991-03-20 International Business Machines Corporation Data protection by detection of intrusion into electronic assemblies
US20030070079A1 (en) * 2001-10-04 2003-04-10 International Business Machines Corporation Method and system for preboot user authentication
US20060064577A1 (en) * 2004-09-21 2006-03-23 Aimgene Technology Co., Ltd. BIOS locking device, computer system with a BIOS locking device and control method thereof
EP1762956A2 (en) * 2005-09-09 2007-03-14 Fujitsu Siemens Computers GmbH Computer with at least one connection for a removable storage medium and method of starting and operating of a computer with a removable storage medium
US20080082813A1 (en) * 2000-01-06 2008-04-03 Chow David Q Portable usb device that boots a computer as a server with security measure
US20080172555A1 (en) 2007-01-17 2008-07-17 Erink Technologies, Llc Bootable thin client personal initialization device
US20080244689A1 (en) 2007-03-30 2008-10-02 Curtis Everett Dalton Extensible Ubiquitous Secure Operating Environment
CN101398764A (en) 2007-09-25 2009-04-01 智多星电子科技有限公司 Portable usb device that boots a computer as a server with security measure
US20090132816A1 (en) 2007-11-15 2009-05-21 Lockheed Martin Corporation PC on USB drive or cell phone
WO2009154705A1 (en) 2008-06-20 2009-12-23 Lockheed Martin Corporation Interconnectable personal computer architectures that provide secure, portable and persistent computing environments
EP2204756A1 (en) * 2008-12-30 2010-07-07 Intel Corporation Pre-boot recovery of a locked computer system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"DS5002FP SECURE MICROPROCESSOR CHIP", INTERNET CITATION, February 1998 (1998-02-01), XP002253631, Retrieved from the Internet <URL:http://web.archive.org/web/19980610053242/www.dalsemi.com/DocControl/PDFs/5002fp.pdf> [retrieved on 20030905] *
SCHMIDT J ET AL: "Hols vom Stöckchen", CT MAGAZIN FUER COMPUTER TECHNIK, HEISE ZEITSCHRIFTEN VERLAG, HANNOVER, DE, no. 13, 16 June 2003 (2003-06-16), pages 208 - 210, XP002453498, ISSN: 0724-8679 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8876005B2 (en) 2012-09-28 2014-11-04 Symbol Technologies, Inc. Arrangement for and method of managing a soft keyboard on a mobile terminal connected with a handheld electro-optical reader via a bluetooth® paired connection
EP2750033A1 (en) * 2012-12-27 2014-07-02 Telefonica S.A. Portable modem communication device and Method to provide connectivity capabilities to a computing device
WO2014102301A1 (en) * 2012-12-27 2014-07-03 Telefonica, S.A. Method to provide connectivity capabilities to a computing device
US9009359B2 (en) 2013-03-29 2015-04-14 International Business Machines Corporation Emulating multiple universal serial bus (USB) keys so as to efficiently configure different types of hardware
US9245131B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
US9245130B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
US9720852B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
US9720853B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
US10867047B2 (en) 2015-03-11 2020-12-15 Hewlett-Packard Development Company, L.P. Booting user devices to custom operating system (OS) images
US10692311B2 (en) 2015-03-31 2020-06-23 SZ DJI Technology Co., Ltd. Systems and methods for monitoring flight
EP3164773A4 (en) * 2015-03-31 2017-08-23 SZ DJI Technology Co., Ltd. Systems and methods for monitoring flight
US9875584B2 (en) 2015-03-31 2018-01-23 SZ DJI Technology Co., Ltd Systems and methods for monitoring flight
CN106874232A (en) * 2015-12-14 2017-06-20 中兴通讯股份有限公司 The charging method of general-purpose serial bus USB, device and terminal
CN106874232B (en) * 2015-12-14 2021-07-30 中兴通讯股份有限公司 Charging method, device and terminal of Universal Serial Bus (USB)
CN106127016A (en) * 2016-07-18 2016-11-16 浪潮集团有限公司 A kind of operating system user logs in system and the implementation method of authentic authentication
CN106127016B (en) * 2016-07-18 2018-08-17 浪潮集团有限公司 A kind of operating system user logs in the system and implementation method of authentic authentication
EP3451215B1 (en) 2017-08-28 2019-12-18 Siemens Aktiengesellschaft Hardware device and method for operating and producing a hardware device
CN111125795A (en) * 2018-10-30 2020-05-08 意法半导体股份有限公司 Tamper-resistant device for integrated circuit cards
CN111125795B (en) * 2018-10-30 2024-03-26 意法半导体股份有限公司 Tamper resistant device for integrated circuit card
CN111131201A (en) * 2019-12-12 2020-05-08 国网电子商务有限公司 Multi-user sharing method and device for lattice intelligent writing data
CN111597520A (en) * 2020-05-18 2020-08-28 贵州电网有限责任公司 Computer USB interface information security prevention and control method and system
CN111597520B (en) * 2020-05-18 2023-10-17 贵州电网有限责任公司 Computer USB interface information security prevention and control method and system
CN116383902A (en) * 2023-02-28 2023-07-04 国网浙江省电力有限公司常山县供电公司 Secret-related USB interface authorized connection equipment and authorized connection method thereof
CN116383902B (en) * 2023-02-28 2023-12-19 国网浙江省电力有限公司常山县供电公司 Secret-related USB interface authorized connection equipment and authorized connection method thereof

Similar Documents

Publication Publication Date Title
WO2012111018A1 (en) Secure tamper proof usb device and the computer implemented method of its operation
US8335931B2 (en) Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US8832778B2 (en) Methods and apparatuses for user-verifiable trusted path in the presence of malware
US8522018B2 (en) Method and system for implementing a mobile trusted platform module
Parno et al. Bootstrapping trust in modern computers
England et al. A trusted open platform
US20170230179A1 (en) Password triggered trusted encrytpion key deletion
US8868898B1 (en) Bootable covert communications module
Vasudevan et al. Trustworthy execution on mobile devices: What security properties can my mobile platform give me?
KR101704329B1 (en) Securing results of privileged computing operations
US8996885B2 (en) Secure virtual machine manager
US8156331B2 (en) Information transfer
US20110265156A1 (en) Portable security device protection against keystroke loggers
EP3706019B1 (en) Hardware-enforced access protection
KR20160055208A (en) Mobile communication device and method of operating thereof
US9015454B2 (en) Binding data to computers using cryptographic co-processor and machine-specific and platform-specific keys
WO2009123631A1 (en) Binding a cryptographic module to a platform
US20150172281A1 (en) System and method for generating one-time password for information handling resource
CN109804598B (en) Method, system and computer readable medium for information processing
Mannan et al. Unicorn: Two-factor attestation for data security
US20150264024A1 (en) System and method for confidential remote computing
Zhou et al. KISS: "key it simple and secure" corporate key management
NO340355B1 (en) 2-factor authentication for network connected storage device
Brasser et al. Softer Smartcards: Usable Cryptographic Tokens with Secure Execution
Nepal et al. Trust extension device: providing mobility and portability of trust in cooperative information systems

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application Ref document number: 11738496; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase Ref country code: DE
122 EP: PCT application non-entry in European phase Ref document number: 11738496; Country of ref document: EP; Kind code of ref document: A1