Secure USB Link

IP.com Disclosure Number: IPCOM000014518D
Original Publication Date: 2000-Oct-25
Included in the Prior Art Database: 2003-Jun-19
Document File: 2 page(s) / 37K

Publishing Venue

IBM

Abstract

Disclosed is an apparatus and method for providing secure communications between a system unit and a USB-attached keyboard. With the industry movement to legacy-free PCs, the existing PS/2 keyboard and mouse will be replaced by USB keyboards and pointing devices. With the PS/2 keyboard and mouse, attachment was accomplished via a dedicated port. Short of using an interposer device, which would be

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.

Page 1 of 2

Secure USB Link

Disclosed is an apparatus and method for providing secure communications between a system unit and a USB-attached keyboard. With the industry movement to legacy-free PCs, the existing PS/2 keyboard and mouse will be replaced by USB keyboards and pointing devices. With the PS/2 keyboard and mouse, attachment was accomplished via a dedicated port. Short of using an interposer device, which would be evident to the user, monitoring the keyboard data stream external to the system was difficult. However, USB is a shared bus. Multiple devices are intended to attach externally to the USB ports as per the USB architecture, so monitoring a USB keyboard external to the system is possible. A monitoring device attached to the USB ports could potentially monitor the data streams of any USB-attached keyboard, thus compromising any sensitive data entered by the user. For example, system passwords could be discovered and used without permission.

In order to secure transmissions from the keyboard, or any other USB device, to the system unit, all data transmissions will be encrypted between one or more dedicated secure USB ports and one or more secure USB hubs. The USB keyboard will be attached to the secure USB hub. Both the secure hub and the USB controller providing the secure USB port on the system will contain a cryptographic engine. When the system first powers up, or when the keyboard is hot-plugged, the keyboard will first be enumerated by the system. The system will see that the new keyboard supports secure transmissions via a new bus protocol outside of the USB specification. Next, a public key exchange will occur between the securing endpoints: the keyboard will be instructed to send the system its public key, and the secure USB controller will then send its public key to the keyboard. Once the public key exchange has successfully completed, the system will instruct the keyboard and the USB host controller to go into secure transmission mode. All subsequent transmissions between the two encrypting endpoints will be encrypted.

Any keyboard transmission of data to the system will first be hashed using a pre-established and wel...
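The Go program below is an added example, not code from the disclosure or from IBM. It models the sequence the text describes: the secure hub and the secure USB host controller each generate a key pair, exchange public keys after enumeration, enter secure transmission mode with a derived session key, and then every keyboard report is encrypted and integrity-checked. X25519, AES-GCM, the KDF label and the counter nonce are my assumptions, since the text names no algorithms; the counter is also what makes a captured report useless if replayed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// Endpoint is one encrypting end of the link: the secure hub on the keyboard side or the secure host controller.
type Endpoint struct {
	priv *ecdh.PrivateKey // X25519, an assumed stand-in for the text's unspecified public-key scheme
	aead cipher.AEAD      // AES-GCM, an assumed stand-in for the text's unspecified cipher and hash
	seq  uint64           // per-report counter used as the nonce; a replayed or reordered report fails to open
}

func NewEndpoint() (*Endpoint, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Endpoint{priv: priv}, err
}

func (e *Endpoint) PublicKey() *ecdh.PublicKey { return e.priv.PublicKey() } // sent to the peer after enumeration

// EnterSecureMode derives the session key from the peer's public key. As in the text, nothing authenticates that key.
func (e *Endpoint) EnterSecureMode(peer *ecdh.PublicKey) error {
	shared, err := e.priv.ECDH(peer)
	if err != nil {
		return err
	}
	key := sha256.Sum256(append([]byte("secure-usb-link:"), shared...)) // simple KDF
	block, _ := aes.NewCipher(key[:])                                   // a 32-byte key cannot fail
	e.aead, err = cipher.NewGCM(block)
	return err
}

// Seal encrypts one hub-to-host transmission, e.g. an 8-byte HID keyboard report. Only this direction is modelled.
func (e *Endpoint) Seal(report []byte) []byte {
	defer func() { e.seq++ }()
	return e.aead.Seal(nil, binary.BigEndian.AppendUint64(make([]byte, 4), e.seq), report, nil)
}

// Open decrypts and integrity-checks the next report on the host side; the counter advances only on success.
func (e *Endpoint) Open(ct []byte) (pt []byte, err error) {
	if pt, err = e.aead.Open(nil, binary.BigEndian.AppendUint64(make([]byte, 4), e.seq), ct, nil); err == nil {
		e.seq++
	}
	return
}
```

Because the key exchange is unauthenticated, exactly as the text describes it, the design relies on the exchange taking place over the physical link at enumeration time; binding the hub's key to a credential provisioned at manufacture is the usual way to close that gap.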