US2009313397A1PendingUtilityA1

Methods and Systems for Protecting Data in USB Systems

55
Assignee: MICROSOFT CORPPriority: Jun 28, 2002Filed: Jan 5, 2009Published: Dec 17, 2009
Est. expiryJun 28, 2022(expired)· nominal 20-yr term from priority
G06F 21/72G06F 2221/2129G06F 13/28G06F 2221/2105G06F 13/362G06F 2212/1052G06F 12/1408G06F 21/78G06F 21/606G06F 2221/2147G06F 13/4282G06F 21/85G06F 3/065G06F 21/73G06F 2221/2153G06F 21/1011
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Claims

exact text as granted — not AI-modified
1 . A method comprising:
 partitioning memory into protected and unprotected memory on a host computer;   for USB devices that are secure, writing and reading data associated with such USB devices to and from the protected memory; and   for USB devices that are not secure, writing and reading data associated with such USB devices to and from the unprotected memory.   
   
   
       2 . The method of  claim 1 , wherein the acts of writing and reading are performed by a USB Host Controller. 
   
   
       3 . The method of  claim 1 , wherein the acts of writing and reading are performed by a USB Host Controller having privileged access to the protected memory. 
   
   
       4 . The method of  claim 1 , wherein the acts of writing and reading to and from the protected memory comprise using memory indirection to do so. 
   
   
       5 . The method of  claim 1 , wherein the acts of writing and reading to and from the protected memory comprise using direct memory access (DMA) techniques to do so. 
   
   
       6 . The method of  claim 1 , wherein the acts of writing and reading to and from the protected memory are performed by a USB Host Controller and comprise using direct memory access (DMA) techniques to do so. 
   
   
       7 . The method of  claim 1 , wherein the acts of writing and reading to and from the protected memory are performed by a USB Host Controller and comprise using direct memory access (DMA) techniques to do so, wherein the protected memory is not accessible to other DMA devices. 
   
   
       8 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of  claim 1 . 
   
   
       9 . A method comprising:
 maintaining a table that indicates whether one or more USB devices are secure; and   if a USB device is indicated as secure, copying data into and out of protected portions of memory that are associated with that USB device.   
   
   
       10 . The method of  claim 9 , wherein the act of copying is performed by a USB Host Controller. 
   
   
       11 . The method of  claim 9 , wherein the acts of maintaining and copying are performed by a USB Host Controller. 
   
   
       12 . The method of  claim 9  further comprising prior to copying, using a memory mapping table to ascertain memory addresses in protected memory that are associated with secure devices. 
   
   
       13 . The method of  claim 9 , wherein the act of copying is performed by a USB Host Controller using direct memory access (DMA) techniques. 
   
   
       14 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of  claim 9 . 
   
   
       15 . A method comprising:
 associating at least one portion of protected memory with at least one secure USB device; and   copying data associated with the one secure USB device to and from the associated portion of protected memory.   
   
   
       16 . The method of  claim 15 , wherein said copying is performed responsive to a memory indirection. 
   
   
       17 . The method of  claim 15 , wherein said acts of associating and copying are performed, at least in part, by a USB Host Controller. 
   
   
       18 . The method of  claim 15 , wherein the act of copying is performed using direct memory access (DMA) techniques. 
   
   
       19 . A USB host controller configured to implement the method of  claim 15 . 
   
   
       20 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of  claim 15 . 
   
   
       21 . A system comprising:
 a USB host controller;   a table associated with the host controller and which indicates whether one or more USB devices are secure; and   the host controller being configured to use the table and, if a USB device is indicated by the table as secure, copy data into and out of protected portions of memory that are associated with that USB device.   
   
   
       22 . The system of  claim 21 , wherein the host controller is configured to use a memory mapping table to ascertain memory addresses in protected memory that are associated with secure devices. 
   
   
       23 . The system of  claim 21 , wherein the host controller is configured to copy said data using direct memory access (DMA) techniques. 
   
   
       24 . A system comprising:
 protected memory that is configured to be used in connection with secure USB devices;   unprotected memory that is configured to be used with USB devices that are not secure;   a USB host controller associated with the protected and unprotected memory;   the host controller being configured to write and read data associated with secure USB devices to and from the protected memory; and   the host controller further being configured to write and read data for USB devices that are not secure to and from the unprotected memory.   
   
   
       25 . The system of  claim 24 , wherein the host controller has privileged access to the protected memory. 
   
   
       26 . The system of  claim 24 , wherein the system is configured to use memory indirection to cause the host controller to write and read from the protected memory. 
   
   
       27 . The system of  claim 24 , wherein the host controller is configured to use direct memory access techniques (DMA) to write and read from the protected memory.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.