1. EP3317802 - SYSTEM AND METHOD FOR SECURELY CONNECTING TO A PERIPHERAL DEVICE

Office European Patent Office
Application Number 16845832
Application Date 05.09.2016
Publication Number 3317802
Publication Date 09.05.2018
Publication Kind B1
IPC
G06F 21/50
  G    PHYSICS
  06   COMPUTING; CALCULATING OR COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  50   Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
G06F 21/53
  G    PHYSICS
  06   COMPUTING; CALCULATING OR COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  50   Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  52   during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
  53   by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/56
  G    PHYSICS
  06   COMPUTING; CALCULATING OR COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  50   Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  55   Detecting local intrusion or implementing counter-measures
  56   Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/82
  G    PHYSICS
  06   COMPUTING; CALCULATING OR COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  82   Protecting input, output or interconnection devices
CPC
G06F 13/107
  G    PHYSICS
  06   COMPUTING; CALCULATING; COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  13   Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
  10   Program control for peripheral devices
  105  where the programme performs an input/output emulation function
  107  Terminal emulation
G06F 13/4282
  G    PHYSICS
  06   COMPUTING; CALCULATING; COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  13   Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
  38   Information transfer, e.g. on bus
  42   Bus transfer protocol, e.g. handshake; Synchronisation
  4282 on a serial bus, e.g. I2C bus, SPI bus
G06F 21/56
  G    PHYSICS
  06   COMPUTING; CALCULATING; COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  50   Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
  55   Detecting local intrusion or implementing counter-measures
  56   Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/82
  G    PHYSICS
  06   COMPUTING; CALCULATING; COUNTING
  F    ELECTRIC DIGITAL DATA PROCESSING
  21   Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  70   Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
  82   Protecting input, output or interconnection devices
H04L 63/0272
  H    ELECTRICITY
  04   ELECTRIC COMMUNICATION TECHNIQUE
  L    TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  63   Network architectures or network communication protocols for network security
  02   for separating internal from external traffic, e.g. firewalls
  0272 Virtual private networks
H04L 63/08
  H    ELECTRICITY
  04   ELECTRIC COMMUNICATION TECHNIQUE
  L    TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  63   Network architectures or network communication protocols for network security
  08   for supporting authentication of entities communicating through a packet data network
Applicants GATEKEEPER LTD
Inventors LITICHEVER GIL
GUTENTAG ODED
ZVULUNY EYAL
HERSHLER ARIEL
Designated States
Priority Data 201562218838 15.09.2015 US
Title
(DE) SYSTEM UND VERFAHREN ZUR SICHEREN VERBINDUNG MIT EINEM PERIPHERIEVORRICHTUNG
(EN) SYSTEM AND METHOD FOR SECURELY CONNECTING TO A PERIPHERAL DEVICE
(FR) SYSTÈME ET PROCÉDÉ CONÇUS POUR LA CONNEXION SÉCURISÉE À UN DISPOSITIF PÉRIPHÉRIQUE
Abstract
(EN)
A device connectable between a host computer and a computer peripheral over a standard bus interface is disclosed, used to improve security and to detect and prevent malware operation. Messages passing between the host computer and the computer peripheral are intercepted and analyzed against pre-configured criteria; legitimate messages pass transparently through the device, while suspect messages are blocked. The device communicates with the host computer and the computer peripheral using a proprietary or industry-standard protocol or bus, which may be based on point-to-point serial communication such as USB or SATA. The messages may be stored in the device for future analysis, and may be blocked based on current or past analysis of the messages. The device may serve as a VPN client and communicate securely with a VPN server using the host's Internet connection.
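The filtering behaviour the abstract describes (intercept every bus message, pass legitimate ones through, block suspect ones, keep a record for later analysis, and block on past as well as current analysis) can be modelled as a small policy engine. The following is an added illustration written for this page; it is not Gatekeeper's device, the patent's implementation, or code from any product. It uses the real USB configuration/interface descriptor layout from the USB specification, but the `Message` model, the `Policy` fields, the rate threshold and the sample traffic are this example's own assumptions, constructed here so it runs offline.

```python
"""Bump-in-the-wire USB message filter: a model of the abstract's device (added example)."""
import struct
from collections import deque
from dataclasses import dataclass

# USB class codes and descriptor types from the USB specification
HID_CLASS = 0x03
MASS_STORAGE_CLASS = 0x08
DT_CONFIGURATION = 0x02
DT_INTERFACE = 0x04


@dataclass
class Message:
    """One message seen on the bus. The fields are this example's model, not a wire format."""
    t_ms: int          # arrival time in milliseconds (constructed)
    to_device: bool    # True: host -> peripheral; False: peripheral -> host
    endpoint: int      # 0 is the control endpoint; other endpoints carry data reports
    payload: bytes


@dataclass
class Policy:
    """Pre-configured criteria the filter applies (assumed values)."""
    allowed_classes: frozenset = frozenset({HID_CLASS})
    max_reports_per_window: int = 20   # more data reports than this per window looks like keystroke injection
    window_ms: int = 1000


def interface_classes(blob: bytes) -> list:
    """Walk a configuration descriptor response and return bInterfaceClass of every interface."""
    classes, off = [], 0
    while off + 2 <= len(blob):
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            break                      # malformed descriptor: stop instead of misparsing
        if dtype == DT_INTERFACE and length >= 9:
            classes.append(blob[off + 5])   # bInterfaceClass sits at offset 5
        off += length
    return classes


class UsbFilter:
    def __init__(self, policy: Policy):
        self.policy = policy
        self.log = []                  # every message is retained for future analysis
        self.report_times = deque()    # timestamps of recent peripheral -> host reports
        self.quarantined = None        # reason the peripheral was cut off, if any

    def inspect(self, msg: Message) -> tuple:
        """Return (allowed, reason). Legitimate traffic passes; suspect traffic is blocked."""
        self.log.append(msg)
        if self.quarantined:           # past analysis already condemned this peripheral
            return False, f"quarantined: {self.quarantined}"
        if not msg.to_device and msg.endpoint == 0:
            # Enumeration response: reject any interface class outside the allowlist,
            # which also catches a "keyboard" that quietly adds a mass-storage interface.
            for cls in interface_classes(msg.payload):
                if cls not in self.policy.allowed_classes:
                    self.quarantined = f"interface class 0x{cls:02x} not permitted"
                    return False, self.quarantined
            return True, "descriptor accepted"
        if not msg.to_device:
            # Data report (e.g. a keystroke): rate-limit using the stored history.
            self.report_times.append(msg.t_ms)
            while msg.t_ms - self.report_times[0] > self.policy.window_ms:
                self.report_times.popleft()
            if len(self.report_times) > self.policy.max_reports_per_window:
                self.quarantined = "report rate exceeds human input speed"
                return False, self.quarantined
            return True, "report within rate limit"
        return True, "pass-through"


def config_descriptor(*iface_classes) -> bytes:
    """Construct a configuration descriptor with one interface per given class (sample data)."""
    ifaces = b"".join(struct.pack("<BBBBBBBBB", 9, DT_INTERFACE, i, 0, 1, c, 0, 0, 0)
                      for i, c in enumerate(iface_classes))
    return struct.pack("<BBHBBBBB", 9, DT_CONFIGURATION, 9 + len(ifaces),
                       len(iface_classes), 1, 0, 0x80, 50) + ifaces


def run_scenarios() -> dict:
    """Three constructed scenarios: plain keyboard, composite keyboard+storage, keystroke burst."""
    results = {}
    f = UsbFilter(Policy())
    results["keyboard"] = f.inspect(Message(0, False, 0, config_descriptor(HID_CLASS)))[0]
    f = UsbFilter(Policy())
    results["composite"] = f.inspect(
        Message(0, False, 0, config_descriptor(HID_CLASS, MASS_STORAGE_CLASS)))[0]
    f = UsbFilter(Policy())
    f.inspect(Message(0, False, 0, config_descriptor(HID_CLASS)))
    report = b"\x00\x00\x04\x00\x00\x00\x00\x00"      # constructed 8-byte keyboard report
    verdicts = [f.inspect(Message(10 * i, False, 1, report))[0] for i in range(30)]
    results["burst_passed"] = verdicts.count(True)
    results["burst_blocked"] = verdicts.count(False)
    results["log_size"] = len(f.log)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The two checks correspond to the abstract's two modes: the descriptor allowlist is analysis of the current message against pre-configured criteria, while the report-rate check and the `quarantined` flag are decisions based on past messages kept in `log` and `report_times`. Once a peripheral is quarantined, even a later well-formed descriptor is dropped, which is the "blocked based on past analysis" behaviour.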
