Methods and Systems for Protecting Data in USB Systems
Abstract
The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.
Claims
exact text as granted — not AI-modified1 . A method comprising:
partitioning memory into protected and unprotected memory on a host computer; for USB devices that are secure, writing and reading data associated with such USB devices to and from the protected memory; and for USB devices that are not secure, writing and reading data associated with such USB devices to and from the unprotected memory.
2 . The method of claim 1 , wherein the acts of writing and reading are performed by a USB Host Controller.
3 . The method of claim 1 , wherein the acts of writing and reading are performed by a USB Host Controller having privileged access to the protected memory.
4 . The method of claim 1 , wherein the acts of writing and reading to and from the protected memory comprise using memory indirection to do so.
5 . The method of claim 1 , wherein the acts of writing and reading to and from the protected memory comprise using direct memory access (DMA) techniques to do so.
6 . The method of claim 1 , wherein the acts of writing and reading to and from the protected memory are performed by a USB Host Controller and comprise using direct memory access (DMA) techniques to do so.
7 . The method of claim 1 , wherein the acts of writing and reading to and from the protected memory are performed by a USB Host Controller and comprise using direct memory access (DMA) techniques to do so, wherein the protected memory is not accessible to other DMA devices.
8 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of claim 1 .
9 . A method comprising:
maintaining a table that indicates whether one or more USB devices are secure; and if a USB device is indicated as secure, copying data into and out of protected portions of memory that are associated with that USB device.
10 . The method of claim 9 , wherein the act of copying is performed by a USB Host Controller.
11 . The method of claim 9 , wherein the acts of maintaining and copying are performed by a USB Host Controller.
12 . The method of claim 9 further comprising prior to copying, using a memory mapping table to ascertain memory addresses in protected memory that are associated with secure devices.
13 . The method of claim 9 , wherein the act of copying is performed by a USB Host Controller using direct memory access (DMA) techniques.
14 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of claim 9 .
15 . A method comprising:
associating at least one portion of protected memory with at least one secure USB device; and copying data associated with the one secure USB device to and from the associated portion of protected memory.
16 . The method of claim 15 , wherein said copying is performed responsive to a memory indirection.
17 . The method of claim 15 , wherein said acts of associating and copying are performed, at least in part, by a USB Host Controller.
18 . The method of claim 15 , wherein the act of copying is performed using direct memory access (DMA) techniques.
19 . A USB host controller configured to implement the method of claim 15 .
20 . One or more computer-readable media having computer-readable instructions which, when executed by one or more processors, cause the one or more processors to implement the method of claim 15 .
21 . A system comprising:
a USB host controller; a table associated with the host controller and which indicates whether one or more USB devices are secure; and the host controller being configured to use the table and, if a USB device is indicated by the table as secure, copy data into and out of protected portions of memory that are associated with that USB device.
22 . The system of claim 21 , wherein the host controller is configured to use a memory mapping table to ascertain memory addresses in protected memory that are associated with secure devices.
23 . The system of claim 21 , wherein the host controller is configured to copy said data using direct memory access (DMA) techniques.
24 . A system comprising:
protected memory that is configured to be used in connection with secure USB devices; unprotected memory that is configured to be used with USB devices that are not secure; a USB host controller associated with the protected and unprotected memory; the host controller being configured to write and read data associated with secure USB devices to and from the protected memory; and the host controller further being configured to write and read data for USB devices that are not secure to and from the unprotected memory.
25 . The system of claim 24 , wherein the host controller has privileged access to the protected memory.
26 . The system of claim 24 , wherein the system is configured to use memory indirection to cause the host controller to write and read from the protected memory.
27 . The system of claim 24 , wherein the host controller is configured to use direct memory access techniques (DMA) to write and read from the protected memory.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.