SECURE EXTERNAL COMPUTER HUB
The present invention relates to the field of electronics and, more particularly, to external computer hubs and methods for configuring same.
BACKGROUND OF THE INVENTION
The universal serial bus (USB) facilitates connections between a host computer and USB devices such as a keyboard, mouse, and printer. Entities concerned that data security may be compromised by its accessibility via the USB bus often face an “all or nothing” decision, e.g., enabling/disabling the USB ports within the basic input/output system for computers (BIOS).
The present invention is embodied in apparatus, methods, and systems for secure communication between peripheral devices and one or more hosts.
An apparatus in accordance with the present invention includes a secure external hub for coupling a plurality of peripheral devices to a host computer. Each peripheral device includes device identification (ID). The hub includes a communication cable for connection with the host computer, a first connection port for connection with a first peripheral device including first device ID, a first communication path extending between the first connection port and the communication cable, a first switch coupled within the first communication path, an administrator input device, a memory for storing at least one authorized device ID, and a processor coupled to the first switch, the administrator input device, and the memory, the processor programmed to designate the at least one authorized device ID in response to an administrator input received via the administrator input device, to receive the first device ID when the first peripheral device is connected to the first connection port, to identify a match between the first device ID and the at least one stored authorized device ID, and to selectively actuate the first switch such that communication is enabled through the first communication path when a match is identified and communication is disabled when a match is not identified.
Methods and systems in accordance with the present invention include methods and systems for configuring a secure external hub for coupling a plurality of peripheral devices to a host computer. Each peripheral device includes device identification (ID). Secure communication is established by designating at least one authorized device ID in response to an administrator input received via an administrator port of the hub, authorizing one or more peripheral devices connected to the hub based on the designated at least one authorized device ID, and enabling communication between authorized peripheral devices connected to the hub and a communication cable of the hub for communication with the host computer and preventing communication between unauthorized peripheral devices connected to the hub and the communication cable.
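The gating logic described above can be modelled in a few functions. This is an added example, not code from the patent: the device ID is treated as an opaque string, and the capacities, sample IDs, and function names (hub_admin_authorize, hub_set_port) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NUM_PORTS 4   /* the four-port hub of FIG. 1A */
#define MAX_AUTH  8   /* assumed allowlist capacity */
#define ID_LEN    32  /* assumed maximum device ID length, including NUL */

typedef struct {
    char   authorized[MAX_AUTH][ID_LEN]; /* memory: stored authorized IDs */
    size_t n_authorized;
    char   attached[NUM_PORTS][ID_LEN];  /* ID reported per port, "" if none */
    bool   switch_closed[NUM_PORTS];     /* true = path to host cable enabled */
} hub_t;
void hub_init(hub_t *h) { memset(h, 0, sizeof *h); } /* every switch open */
static bool id_is_authorized(const hub_t *h, const char *id) {
    for (size_t i = 0; i < h->n_authorized; i++)
        if (strcmp(h->authorized[i], id) == 0) return true;
    return false;
}
/* Close a port's switch only when its attached ID exactly matches a stored ID. */
static void evaluate_port(hub_t *h, int p) {
    h->switch_closed[p] = h->attached[p][0] && id_is_authorized(h, h->attached[p]);
}
/* Administrator input: store an ID, then re-check devices already connected. */
bool hub_admin_authorize(hub_t *h, const char *id) {
    size_t len = strlen(id);
    if (len == 0 || len >= ID_LEN) return false;
    if (!id_is_authorized(h, id)) {
        if (h->n_authorized == MAX_AUTH) return false;
        memcpy(h->authorized[h->n_authorized++], id, len + 1);
    }
    for (int p = 0; p < NUM_PORTS; p++) evaluate_port(h, p);
    return true;
}
/* Connect (id) or disconnect (NULL); an oversized ID is stored as "" and never matches. */
bool hub_set_port(hub_t *h, int p, const char *id) {
    if (p < 0 || p >= NUM_PORTS) return false;
    if (id == NULL || strlen(id) >= ID_LEN) id = "";
    strcpy(h->attached[p], id);
    evaluate_port(h, p);
    return h->switch_closed[p];
}
int main(void) {
    hub_t h; hub_init(&h);
    hub_admin_authorize(&h, "SAMPLE-KBD-0001");            /* constructed ID */
    printf("keyboard: %d\n", hub_set_port(&h, 1, "SAMPLE-KBD-0001"));
    printf("storage:  %d\n", hub_set_port(&h, 0, "SAMPLE-DISK-0001"));
}
```

Every path that cannot produce an exact match (empty port, unknown ID, oversized ID, full allowlist) leaves the switch open, so the model fails closed. A disconnect reopens the switch so that a device plugged in afterwards is evaluated on its own ID.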
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is best understood from the following detailed description when read in connection with the accompanying drawings, with like elements having the same reference numerals. When a plurality of similar elements are present, a single reference numeral may be assigned to the plurality of similar elements with a small letter designation referring to specific elements. When referring to the elements collectively or to a non-specific one or more of the elements, the small letter designation may be dropped. The letter “n” may represent a non-specific number of elements. Also, lines without arrows connecting components may represent a bidirectional exchange between these components. It is emphasized that, according to common practice, the various features of the drawings are not drawn to scale. On the contrary, the dimensions of the various features are arbitrarily expanded or reduced for clarity. Included in the drawings are the following figures:
FIG. 1 is an illustrative front view of a computer system including a host computer and a secure hub in accordance with one aspect of the present invention;
FIG. 1A is a block diagram illustrating a front view of the secure hub of FIG. 1;
FIG. 1B is an illustrative partial view of a back surface of the host computer in FIG. 1;
FIG. 2A is a block diagram in partial circuit diagram form depicting the secure hub connected to peripheral devices and a host computer in accordance with aspects of the present invention;
FIG. 2B is a block diagram in partial circuit diagram form depicting a secure hub implemented in a keyboard, video, mouse (KVM) switch in accordance with aspects of the present invention;
FIG. 3 is a flow chart of exemplary steps for configuring a secure hub in accordance with an aspect of the present invention;
FIG. 4 is a graphical user interface of a port status screen in accordance with an aspect of the present invention;
FIG. 5 is a graphical user interface of an administrator port status screen in accordance with an aspect of the present invention;
FIG. 6 is a graphical user interface of a registered device screen in accordance with an aspect of the present invention;
FIG. 7 is a graphical user interface of a device policy screen in accordance with an aspect of the present invention; and
FIG. 8 is a graphical user interface of an audit report screen in accordance with an aspect of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
FIG. 1 depicts a computer system 100 including a secure hub 102 for coupling a plurality of peripheral devices 30 to a host computer 10 in accordance with an aspect of the present invention. The depicted computer system 100 includes a host computer 10, a monitor 20, and three devices (i.e., a storage drive 30a, keyboard 30b, mouse 30c, and printer 30d). The peripheral devices 30 are coupled to the host computer 10 via the secure hub 102, which is coupled to the host computer 10 via a communication cable 106. The communication cable 106 may be hard wired to circuitry within the secure hub 102 to prevent its removal from the secure hub 102. Host computer 10 and peripheral devices 30 may be conventional electronic devices capable of communication in accordance with a USB communication specification. Suitable computers and peripheral devices will be understood by one of skill in the art from the description herein.
FIG. 1A depicts a front face of the secure hub 102. The illustrated secure hub 102 includes four ports (ports 104a-d) for establishing a connection with peripheral devices 30 (FIG. 1). For example, port 104a may be connected to storage device 30a, port 104b may be connected to keyboard 30b, port 104c may be connected to mouse 30c, and port 104d may be connected to printer 30d. In an exemplary embodiment, the