Method and Mechanism for USB "Key" Enable/Disable

IP.com Disclosure Number: IPCOM000028711D
Original Publication Date: 2004-May-27
Included in the Prior Art Database: 2004-May-27
Document File: 2 page(s) / 14K

Publishing Venue

IBM

This is the abbreviated version, containing approximately 57% of the total text.


     Today there are no known methods for physically disabling I/O through the USB ports. For legacy-free systems, it may be important for administrators to be able to lock out any form of I/O at a particular station. Even on legacy systems, being able to physically lock a user out of USB access may be essential to prevent a security compromise. This disclosure discusses a method and hardware mechanism for enabling and disabling the USB subsystem on a given system with a special USB "key".

     There are 4 main components to the USB "key" enable/disable system: TPM, Q-switch, custom embedded processor, and portable USB "key".

     Definitions:

Portable USB "key" - A small, hand held "key" that plugs into a USB port and contains a small ASIC with encryption data that can be married to specific computers.

TPM - Secure storage area on motherboard with "key" access information.

Q-Switch - Circuitry residing on Universal Serial Bus (USB) to physically lock out access from outside USB devices. Controlled by the CEP.

Custom Embedded Processor (CEP) - the "Brain" for the entire USB security operation.

[Figure: two block diagrams, "Normal USB Configuration" and "Secure USB Configuration using Disclosure". Labeled elements: USB Host Controller, External USB Ports, USB "Key", Q-Switch, Custom Embedded Processor, TPM, and the USB signals -Data, +Data, Vcc, Ground.]

     In this disclosure's secured state, the Q-switch would be set to physically disconnect the USB host controller from th...