US2005108525A1PendingUtilityA1

Method and system for maintaining secure data input and output

48
Assignee: XSIDES CORPPriority: Jun 8, 2001Filed: Dec 10, 2004Published: May 19, 2005
Est. expiryJun 8, 2021(expired)· nominal 20-yr term from priority
G06F 21/82Y10S707/99939Y10S707/99932
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and systems for enhancing the security of data during input and output on a client computer system are provided to prevent attempts by unauthorized code to access, intercept, and/or modify data. Example embodiments provide a plurality of obfuscation techniques and security enhanced drivers that use these obfuscation techniques to prohibit unauthorized viewing/receiving of valid data. When the drivers are used together with the various obfuscation techniques, the security enhanced drivers provide mechanisms for “scheduling” the content of the storage areas used to store the data so that valid data is not available to unauthorized recipients. When unauthorized recipients attempt to access the “data,” they perceive or receive obfuscated data. The obfuscation techniques described include “copy-in,” “replace and restore,” and “in-place replacement” de-obfuscation/re-obfuscation techniques. In one embodiment, a security enhanced display driver, a security enhanced mouse driver, a security enhanced keyboard driver, and a security enhanced audio driver are provided. To complement the security enhancements, the methods and systems also provide for a watchdog mechanism to ensure that the driver is functioning as it should be and various user interface techniques for denoting security on a display device.

Claims

exact text as granted — not AI-modified
1 . A method for incorporating a security enhanced driver into an existing operating system having a plurality of input and output (I/O) drivers that process I/O events, comprising: 
 installing the security enhanced driver so that the security enhanced driver intercepts an I/O event and ensures that content associated with the I/O event is accessible in a valid form only to requesters authorized to access the content and that invalid data is accessible to requesters not authorized to access the content.    
   
   
       2 . The method of  claim 1  wherein the installing is performed by modifying one of the plurality of I/O drivers to perform the intercepting and ensuring.  
   
   
       3 . The method of  claim 2 , the modified I/O driver having code prior to modification that processes an I/O event, further comprising: 
 forwarding the I/O event to the code prior to modification that processes the I/O event.    
   
   
       4 . The method of  claim 3  wherein the content associated with the I/O event is transformed prior to forwarding the I/O event.  
   
   
       5 . The method of  claim 1  wherein the installing is performed by placing the security enhanced driver code in an ordering of the plurality of I/O drivers such that the code is first in line to process I/O events.  
   
   
       6 . A computer-readable memory medium that contains instructions for controlling a computer processor to incorporate a security enhanced driver into an existing operating system having a plurality of input and output (I/O) drivers that process I/O events, by: 
 installing the security enhanced driver so that the security enhanced driver intercepts an I/O event and ensures that content associated with the I/O event is accessible in a valid form only to requesters authorized to access the content and that invalid data is accessible to requesters not authorized to access the content.    
   
   
       7 . A method for incorporating a security enhanced driver into an existing operating system having a device driver that processes one of an input event and an output event, comprising: 
 modifying the device driver to include a resource lockout mechanism that is structured to control access to a resource that stores designated valid data and an obfuscation mechanism that dynamically obfuscates the designated valid data and de-obfuscates the obfuscated data using the resource lockout mechanism such that the designated valid data is accessible to only an authorized requestor and invalid data is accessible otherwise.    
   
   
       8 . A computer-readable memory medium that contains instructions for controlling a computer processor to incorporate a security enhanced driver into an existing operating system having a device driver that processes one of an input event and an output event, by: 
 modifying the device driver to include a resource lockout mechanism that is structured to control access to a resource that stores designated valid data and an obfuscation mechanism that dynamically obfuscates the designated valid data and de-obfuscates the obfuscated data using the resource lockout mechanism such that the designated valid data is accessible to only an authorized requestor and invalid data is accessible otherwise.    
   
   
       9 . A method for incorporating a security enhanced driver into an existing operating system, the operating system having an ordering of device drivers that process input and output according to the ordering, comprising: 
 installing the security enhanced driver as a driver first in the ordering such that the security enhanced driver intercepts one of input and output and ensures that content associated with the one of the input and output is accessible in a valid form only to requestors authorized to access the content and that invalid data is accessible to requesters not authorized to access the content.    
   
   
       10 . A computer-readable memory medium that contains instructions for controlling a computer processor to incorporate a security enhanced driver into an existing operating system, the operating system having an ordering of device drivers that process input and output according to the ordering, by: 
 installing the security enhanced driver as a driver first in the ordering such that the security enhanced driver intercepts one of input and output and ensures that content associated with the one of the input and output is accessible in a valid form only to requesters authorized to access the content and that invalid data is accessible to requesters not authorized to access the content.    
   
   
       11 . A computer readable media that contains instructions for incorporating a security enhanced driver into an existing operating system having a device driver that processes on of an input event and an output event, by: 
 modifying the device driver to store valid data and lock out other processes during activation of a resource to access of the stored valid data to thereby prevent other processes access to the valid data.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.