System and method for securely connecting to a peripheral device
11537533 · 2022-12-27
Assignee
Inventors
- Gil Litichever (Modiin, IL)
- Oded Gutentag (Ramat Yishay, IL)
- Eyal Zvuluny (Tel Aviv, IL)
- Ariel Hershler (Efrat, IL)
Cpc classification
Y04S40/20
GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
G06F21/56
PHYSICS
G06F9/45504
PHYSICS
International classification
G06F9/455
PHYSICS
Abstract
A device connectable between a host computer and a computer peripheral over a standard bus interface is disclosed, used to improve security, and to detect and prevent malware operation. Messages passing between the host computer and the computer peripherals are intercepted and analyzed based on pre-configured criteria, and legitimate messages transparently pass through the device, while suspected messages are blocked. The device communicates with the host computer and the computer peripheral using proprietary or industry standard protocol or bus, which may be based on a point-to-point serial communication such as USB or SATA. The messages may be stored in the device for future analysis, and may be blocked based on current or past analysis of the messages. The device may serve as a VPN client and securely communicate with a VPN server using the host Internet connection.
Claims
1. A method for analyzing messages by a device connected between a host computer and a peripheral device using a standard bus, the method comprising: emulating the peripheral device to the host computer using a first processor executing a first firmware stored in a first memory, for receiving messages from, and transmitting messages to, the host computer over a first cable using the standard bus; emulating the host computer to the peripheral device using a second processor executing a second firmware stored in a second memory, for receiving messages from, and transmitting messages to, the peripheral device over a second cable using the standard bus; analyzing messages using a third processor executing a third firmware stored in a third memory; transporting messages between the host computer and the third processor exclusively over a first local bus; and transporting messages between the peripheral device and the third processor exclusively over a second local bus.
2. The method according to claim 1 for use with a criterion, the method further comprising: receiving a first message by the second processor from the peripheral device; sending the first message over the second local bus to the third processor; checking the first message by the third processor for satisfying the criterion; responsive to the message satisfying the criterion, sending the first message over the first local bus to the second processor; and sending the first message by the first processor to the host computer.
3. The method according to claim 2, wherein the peripheral device is an input device for sensing an action by a user.
4. The method according to claim 3, wherein the peripheral device consists of, or comprises, a keyboard, a pointing device, a trackball, a touch-pad, a touch-screen, a scanner, a digital camera, or a joystick.
5. The method according to claim 3, wherein the first message is associated with the user action.
6. The method according to claim 1, further for use with a criterion, the method further comprising: receiving a first message by the first processor from the host computer; sending the first message over the first local bus to the third processor; checking the first message by the third processor for satisfying the criterion; responsive to the message satisfying the criterion, sending the first message over the second local bus to the second processor; and sending the first message by the second processor to the peripheral device.
7. The method according to claim 6, wherein the peripheral device is an output device for notifying information to a user.
8. The method according to claim 7, wherein the user notification consists of, comprises, or is based on, text, graphics, tactile, audio, or video.
9. The method according to claim 7, wherein the output device consists of, or comprises, a printer, a display, or a speaker.
10. The method according to claim 7 wherein the first message is associated with the information used for the user notification.
11. The method according to claim 1, wherein the peripheral device is a non-volatile memory, and at least some of the messages are associated with reading from, or writing to, the memory.
12. The method according to claim 11, wherein the non-volatile memory consists of, or comprises, Hard Disk Drive (HDD), Solid State Drive (SSD), RAM, SRAM, DRAM, TTRAM, Z-RAM, ROM, PROM, EPROM, EEROM, Flash-based memory, CD-RW, DVD-RW, DVD+RW, DVD-RAM, BD-RE, CD-ROM, BD-ROM, or DVD-ROM.
13. The method according to claim 1, further comprising detecting a malware or a malware activity.
14. The method according to claim 13, wherein the malware consists of, includes, or is based on, a computer virus, spyware, DoS (Denial of Service), rootkit, ransomware, adware, backdoor, Trojan horse, or a destructive malware.
15. The method according to claim 1, wherein the standard bus is an industry standard bus, and wherein the first and second cables, the communication with the host computer, and the communication with the peripheral device, are according to, or based on, the industry standard bus.
16. The method according to claim 15, wherein the industry standard bus defines a point-to-point serial communication.
17. The method according to claim 16, wherein the industry standard bus is according to, or based on, a Universal Serial Bus (USB).
18. The method according to claim 17, wherein the industry standard bus is according to, or based on, USB 2.0 or USB 3.0.
19. The method according to claim 15, wherein the industry standard bus is according to, or based on, Peripheral Component Interconnect (PCI) Express, Small Computer System Interface (SCSI), Serial Attached SCSI (SAS), Serial ATA (SATA), InfiniBand, PCI, PCI-X, AGP, Thunderbolt, IEEE 1394, FireWire, or Fibre-Channel.
20. The method according to claim 1, wherein the first firmware comprises a first operating system, the second firmware comprises a second operating system, and the third firmware comprises a third operating system.
21. The method according to claim 20, further comprising: executing, by the first processor, the first operating system; executing, by the second processor, the second operating system; and executing, by the third processor, the third operating system.
22. The method according to claim 20, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, Linux.
23. The method according to claim 20, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, Microsoft Windows or WDM.
24. The method according to claim 23, wherein the first, second, or third operating system consists of, comprises, is according to, or based on, one out of Microsoft Windows 7, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows 8.1, and Google Chrome OS.
25. The method according to claim 20, wherein the first, second, or third operating system consists of, comprises, is according to, or is based on, a mobile operating system.
26. The method according to claim 25, wherein the mobile operating system consists of, comprises, is according to, or is based on, Android version 2.2 (Froyo), Android version 2.3 (Gingerbread), Android version 4.0 (Ice Cream Sandwich), Android Version 4.2 (Jelly Bean), Android version 4.4 (KitKat), Apple iOS version 3, Apple iOS version 4, Apple iOS version 5, Apple iOS version 6, Apple iOS version 7, Microsoft Windows® Phone version 7, Microsoft Windows® Phone version 8, Microsoft Windows® Phone version 9, or Blackberry® operating system.
27. The method according to claim 20, wherein the first, second, or third operating system comprises, is according to, uses, or is based on, a class driver, a Human Interface Device (HID) driver, a minidriver, a USB host driver, a USB peripheral driver, a PnP driver, a msdos.sys driver, an io.sys driver, a config.sys driver, or a function driver.
28. The method according to claim 1, wherein the first or the second local bus is a synchronous serial bus.
29. The method according to claim 28, wherein the first or the second local bus is a master/slave bus for connecting ICs.
30. The method according to claim 28, wherein the first or the second local bus is based on, is according to, or comprises, Serial Peripheral Interface (SPI) bus or Inter-Integrated Circuit (I²C) bus.
31. The method according to claim 1, wherein the first or the second local bus is a bi-directional bus.
32. The method according to claim 31 wherein the first or the second local bus is a half-duplex or a full-duplex bus.
33. The method according to claim 1, wherein the first or the second local bus is a uni-directional bus.
34. The method according to claim 33, wherein the first local bus exclusively allows data transfer from the first processor to the third processor.
35. The method according to claim 33, wherein the first local bus exclusively allows data transfer from the third processor to the first processor.
36. The method according to claim 33, wherein the second local bus exclusively allows data transfer from the first processor to the second processor.
37. The method according to claim 33, wherein the second local bus exclusively allows data transfer from the third processor to the second processor.
38. The method according to claim 1, wherein the first or second local bus is using isolation barriers so that the respective first or second processor is galvanically isolated over the respective bus from the third processor.
39. The method according to claim 38, wherein the isolation barrier is based on a capacitance, induction, or electromagnetic waves, or optical barrier.
40. The method according to claim 39, wherein the first or second local bus comprises or uses optocouplers or isolation transformers for galvanically isolating the respective processors.
Description
BRIEF DESCRIPTION OF THE DRAWINGS
(1) The invention is herein described, by way of non-limiting examples only, with reference to the accompanying drawings, in which like designations denote like elements. Understanding that these drawings only provide information concerning typical embodiments of the invention and are not therefore to be considered limiting in scope:
DETAILED DESCRIPTION
(46) The principles and operation of an apparatus according to the present invention may be understood with reference to the figures and the accompanying description, wherein similar components appearing in different figures are denoted by identical reference numerals. The drawings and descriptions are conceptual only. In actual practice, a single component can implement one or more functions; alternatively or in addition, each function can be implemented by a plurality of components and devices. In the figures and descriptions, identical reference numerals indicate those components that are common to different embodiments or configurations. Identical numerical references (even in the case of using a different suffix, such as 5, 5a, 5b and 5c) refer to functions or actual devices that are either identical, substantially similar, or having similar functionality. It will be readily understood that the components of the present invention, as generally described and illustrated in the figures herein, could be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of the embodiments of the apparatus, system, and method of the present invention, as represented in the figures herein, is not intended to limit the scope of the invention, as claimed, but is merely representative of embodiments of the invention. It is to be understood that the singular forms “a,” “an,” and “the” herein include plural referents unless the context clearly dictates otherwise. Thus, for example, a reference to “a component surface” includes reference to one or more of such surfaces.
The term “substantially” means that the recited characteristic, parameter, or value need not be achieved exactly, but that deviations or variations, including for example, tolerances, measurement error, measurement accuracy limitations, and other factors known to those of skill in the art, may occur in amounts that do not preclude the effect the characteristic was intended to provide.
(47) An Isolator Device 80 for handling and mitigating USB threats is shown in an arrangement 80a in
(48) The host emulator 81a is based on the USB host interface 71a and its main functionality is to present and emulate a full USB host interface to the peripheral device 72, so that for all practical purposes, the peripheral device 72 behaves and senses as if it is connected directly to the host device 71. The host emulator 81a includes a USB host interface that includes the USB host connector 75a, the USB transceiver 77a, and the USB host controller 69, all managed and operated under the control of a processor 82a, which may be similar or identical to the processor 65 shown in the arrangement 70. The processor 82a executes instructions, and stores and reads data in the memory 84a, which may correspond to the memory 73. The memory 84a may store an operating system 85a (which may correspond to the OS 76a), integrated with USB host drivers 86a (which may correspond to the USB host drivers 76b in the arrangement 70). The OS 85a may consist of, may be based on, or may use WDM or Linux, or may consist of, may be based on, or may use FreeRTOS™ or Android. Commands, messages, information, and any other data from or to the end point 79 in the peripheral device 72, which are carried as payload in the USB protocol, are communicated over a local bus 83a to a processor 82b of the monitor module 81b. Any connection or bus, either parallel or serial, and either synchronous or asynchronous, that may be used for connecting between ICs or components, such as the connection between ICs or components mounted on the same PCB, may be used as the local bus 83a. Preferably, the local bus 83a is a serial point-to-point bus such as SPI or I²C, and this local bus 83a is the only data transfer means between the host emulator module 81a and the monitor module 81b.
(49) The peripheral emulator 81c is based on the USB peripheral interface 71a and its main functionality is to present and emulate a full USB peripheral interface to the host device 71, so that for all practical purposes, the host device 71 behaves, functions, and senses as if it is connected directly to the peripheral device 72. The peripheral emulator 81c includes a USB peripheral interface that includes the USB peripheral connector 75d, the USB transceiver 77b, and the USB peripheral controller 74, all managed and operated under the control of a processor 82c, which may be similar or identical to the processor 65 shown in the arrangement 70. The processor 82c executes instructions, stores, and reads data in the memory 84c, which may correspond to the memory 73. The memory 84c may store an operating system 85c (which may correspond to the OS 76a), integrated with USB peripheral drivers 86c. The OS 85c may consist of, may be based on, or may use WDM or Linux, or may consist of, may be based on, or may use FreeRTOS™ or Android. Commands, messages, information, and any other data from or to the end-point 79 in the peripheral device 72, which are carried as payload in the USB protocol, are communicated over a local bus 83b to a processor 82b of the monitor module 81b. The local bus 83b may be similar to, identical to, or different from the local bus 83a. Any connection or bus, either parallel or serial, and either synchronous or asynchronous, that may be used for connecting between ICs or components, such as connections between ICs or components mounted on the same PCB, may be used as the local bus 83b. Preferably, the local bus 83b is a serial point-to-point bus such as SPI or I²C, and this local bus 83b is the only data transfer means between the peripheral emulator module 81c and the monitor module 81b.
(50) The monitor module 81b serves as a mediator and is connected between the peripheral emulator module 81c and the host emulator module 81a, so that any information communicated between the host device 71 and the peripheral device 72 passes through this module, and may be analyzed, passed, or blocked by the monitor module 81b. The monitor module 81b includes the processor 82b that manages and controls the module, which may be similar or identical to the processor 12 shown in the arrangement 10. The processor 82b executes instructions, stores, and reads data in the memory 84b, which may correspond to the memory 15a. The memory 84b may store an operating system 85b (which may correspond to the OS 76a), integrated with an isolation application 86b that intercepts, analyzes, blocks, or otherwise manipulates or acts upon the commands, messages, information, and any other data from, or to, the end-point 79 in the peripheral device 72. The OS 85b may consist of, may be based on, or may use WDM or Linux, or may consist of, may be based on, or may use FreeRTOS™ or Android.
(51) Each of the processors in the modules is directed only by the software included in the memory in the module, and interacts with and controls only the hardware in that module, and preferably, the only data transfer between the modules is via the local buses 83a and 83b. Preferably, any failure or infection in one module does not change, impact, or affect the software, the hardware, or the operation (or functionality) of any of the rest of the modules. Further, since the operating systems and the processors are isolated to each module, a malware infection, such as in USB related drivers obtained from a third party, is not propagated to the other modules in the isolator device 80.
(52) In one example, the host device 71 is assumed to be a trusted system or environment, while the trustworthiness of the peripheral device 72 is unknown and thus it cannot be trusted. Hence, the isolator device 80 may be connected as a local ‘Firewall’ securely connecting the host device 71 and the peripheral device 72, analyzing the messaging between these devices and identifying a suspected activity, thus preventing any infection in the peripheral device 72 from affecting or penetrating the host device 71. Such an application is pictorially shown as an arrangement 80b in
(53) Preferably, the monitor module 81b and the host emulator module 81a are communicatively coupled solely over the local bus 83a, which may be a bi-directional bus supporting half-duplex or full-duplex communication. Similarly, the monitor module 81b and the peripheral emulator module 81c are preferably communicatively coupled solely over the local bus 83b, which may be a bi-directional bus supporting half-duplex or full-duplex communication. In one example, the local buses 83a and 83b use different lines or connections for each communication direction, as shown in an arrangement 90 in
(54) As part of the local bus 83a, messaging from the monitor module 81b directed to the host emulator module 81a is only carried over the connection 93d, which may be a wire, a trace on a PCB, or an inter-IC connection such as a conductive path over a semiconductor substrate. The connection 93d is fed with a signal from a digital logic output stage 91d (which may be a buffer or a driver) in the monitor module 81b, and the digital signal is received by a digital logic input stage 92d (which may be a receiver) in the host emulator module 81a. Similarly, as part of the local bus 83a, messaging directed to the monitor module 81b from the host emulator module 81a is only carried over the connection 93a, which may be a wire, a trace on a PCB, or an inter-IC connection such as a conductive path over a semiconductor substrate. The connection 93a is fed with a signal from a digital logic output stage 91a (which may be a buffer or a driver) in the host emulator module 81a, and the digital signal is received by a digital logic input stage 92a (which may be a receiver) in the monitor module 81b. For example, the local bus 83a may be an SPI bus where the monitor module 81b assumes the role of a ‘Master’ and the host emulator module 81a assumes the role of a ‘Slave’, and the connection 93d implements the MOSI (Master-Output-Slave-Input) line, and the connection 93a implements the MISO (Master-Input-Slave-Output) line.
(55) As part of the local bus 83b, messaging from the monitor module 81b directed to the peripheral emulator module 81c is only carried over the connection 93b, which may be a wire, a trace on a PCB, or an inter-IC connection such as a conductive path over a semiconductor substrate. The connection 93b is fed with a signal from a digital logic output stage 91b (which may be a buffer or a driver) in the monitor module 81b, and the digital signal is received by a digital logic input stage 92b (which may be a receiver) in the peripheral emulator module 81c. Similarly, as part of the local bus 83b, messaging directed to the monitor module 81b from the peripheral emulator module 81c is only carried over the connection 93c, which may be a wire, a trace on a PCB, or an inter-IC connection such as a conductive path over a semiconductor substrate. The connection 93c is fed with a signal from a digital logic output stage 91c (which may be a buffer or a driver) in the peripheral emulator module 81c, and the digital signal is received by a digital logic input stage 92c (which may be a receiver) in the monitor module 81b. For example, the local bus 83b may be an SPI bus where the monitor module 81b assumes the role of a ‘Master’ and the peripheral emulator module 81c assumes the role of a ‘Slave’, and the connection 93b implements the MOSI (Master-Output-Slave-Input) line and the connection 93c implements the MISO (Master-Input-Slave-Output) line.
(56) In a case where the peripheral device 72 is an input device (such as the keyboard 2 or the pointing device 3), most (or all) of the messages are directed from the peripheral device 72 to the host device 71, and minimal or no traffic is expected in the other direction: from the host device 71 to the peripheral device 72. Hence, traffic directed to the peripheral device 72 may preferably be blocked, for example for inhibiting an infected device impersonating an input peripheral device from extracting data from the host device 71. Such a blocking may be performed logically, such as under software control (e.g., firmware or software in the monitor module 81b). In one example, the blocking may be performed in the physical layer as shown in an arrangement 90a in
(57) Alternatively or in addition, the peripheral device 72 may be an output device (such as the display 5 or the printer 4), where most (or all) of the messages are directed to the peripheral device 72 from the host device 71, and minimal or no traffic is expected in the other direction, to the host device 71 from the peripheral device 72. Hence, traffic directed from the peripheral device 72 may preferably be blocked, for example for inhibiting an infected device impersonating an output peripheral device from inserting malware-related data into the host device 71. Such a blocking may be performed logically, such as under software control (e.g., firmware or software in the monitor module 81b). In one example, the blocking may be performed in the physical layer as shown in an arrangement 90c in
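The direction-based criterion of claims 2 and 6 and of paragraphs (54) through (57), modelled as an added example that is not part of the patent: a monitor module sitting between two local buses, with logical blocking in the monitor firmware and physical blocking as a bus that simply has no conductor for one direction. The class and function names, the device classes and the sample traffic are assumptions constructed for illustration.

```python
"""Toy model of the three-module isolator: host emulator <-> monitor <-> peripheral
emulator, linked only by two local buses. Added example, not code from the patent;
all names below are constructed for illustration."""
from collections import deque
from dataclasses import dataclass
from enum import Enum


class Direction(Enum):
    TO_HOST = "peripheral->host"        # e.g. HID input report, disk read data
    TO_PERIPHERAL = "host->peripheral"  # e.g. HID output report, disk write data


class DeviceClass(Enum):
    INPUT = "input"      # keyboard, pointing device: only TO_HOST is expected
    OUTPUT = "output"    # display, printer: only TO_PERIPHERAL is expected
    STORAGE = "storage"  # HDD/SSD: both directions are legitimate


@dataclass(frozen=True)
class Message:
    direction: Direction
    payload: bytes


def expected_directions(device_class):
    """Directions that are legitimate for the device class (the 'criterion')."""
    if device_class is DeviceClass.INPUT:
        return frozenset({Direction.TO_HOST})
    if device_class is DeviceClass.OUTPUT:
        return frozenset({Direction.TO_PERIPHERAL})
    return frozenset(Direction)


class LocalBus:
    """Point-to-point link between two modules (SPI or I2C in the patent). A bus
    built with a single allowed direction models physical-layer blocking, e.g. a
    MOSI or MISO line that is simply not wired (arrangements 90a / 90c)."""

    def __init__(self, allowed):
        self.allowed = frozenset(allowed)
        self.queue = deque()

    def send(self, msg):
        if msg.direction not in self.allowed:
            return False              # no conductor exists for this direction
        self.queue.append(msg)
        return True


class Monitor:
    """Monitor module 81b: the only path between the emulators. Every message is
    logged (for later analysis), checked against the criterion, then put on the
    local bus towards the far side."""

    def __init__(self, device_class, bus_to_host, bus_to_peripheral, logical=True):
        self.ok = expected_directions(device_class) if logical else frozenset(Direction)
        self.bus = {Direction.TO_HOST: bus_to_host,
                    Direction.TO_PERIPHERAL: bus_to_peripheral}
        self.log = []

    def forward(self, msg):
        self.log.append(msg)
        if msg.direction not in self.ok:
            return "blocked-logical"      # firmware in the monitor drops it
        if not self.bus[msg.direction].send(msg):
            return "blocked-physical"     # no wire in that direction
        return "pass"


def run_isolator(device_class, traffic, logical=True, physical=False):
    """Drive constructed traffic through the isolator and return one verdict per
    message. `logical` enables the monitor's criterion; `physical` wires the local
    buses for the expected direction only."""
    wired = expected_directions(device_class) if physical else frozenset(Direction)
    mon = Monitor(device_class, LocalBus(wired), LocalBus(wired), logical)
    return [(m.payload, mon.forward(m)) for m in traffic]


# Constructed sample traffic for a keyboard: a key report towards the host, and an
# unexpected host->keyboard data transfer of the kind an impersonating device
# would need in order to pull data out of the host.
KEYBOARD_TRAFFIC = [
    Message(Direction.TO_HOST, b"\x00\x00\x04\x00\x00\x00\x00\x00"),  # HID report: 'a'
    Message(Direction.TO_PERIPHERAL, b"document-chunk"),              # data leaving host
]

if __name__ == "__main__":
    for payload, verdict in run_isolator(DeviceClass.INPUT, KEYBOARD_TRAFFIC):
        print(verdict, payload)
```

Running the same traffic with `logical=False, physical=True` shows the second layer on its own: the host-bound report still passes, while the outbound transfer is dropped because no bus direction exists for it.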
(58) In order to properly emulate a USB peripheral interface, the peripheral emulator module 81c includes the USB sink 26b that adheres to the USB standard requirements for USB power termination, as shown in an arrangement 100 illustrating an isolator module 80c. Similarly, in order to properly emulate a USB host interface, the host emulator module 81a includes the USB source 26c that adheres to the USB standard requirements for USB power supply, as shown in the arrangement 100 illustrating the isolator module 80c.
(59) In order to provide isolation between the modules in the isolator device 80, a single power connection in each module is preferably used for powering exclusively that module. Typically, each of the modules is powered by a logic power level such as 3.3 VDC or 5 VDC. As exemplified by the isolator device 80c shown as part of the arrangement 100 in
(60) In one example, the isolator device 80d is locally powered from a local dedicated power source via the power connector, such as an AC power connector 62a shown as part of an arrangement 100a in
(61) Alternatively or in addition, the isolator device 80 may be partly or fully powered from a battery that substitutes for the power supply 64c and the AC connection via the AC plug 62a. The battery may be a primary battery or cell, in which an irreversible chemical reaction generates the electricity, and thus the cell is disposable and cannot be recharged, and needs to be replaced after the battery is drained. Such battery replacement may be expensive and cumbersome. Alternatively or in addition, a rechargeable (secondary) battery may be used, such as a nickel-cadmium based battery. In such a case, a battery charger is employed for charging the battery while it is in use or not in use. Various types of such battery chargers are known in the art, such as trickle chargers, pulse chargers and the like. The battery charger may be integrated with the field unit or be external to it. The battery may be a primary or a rechargeable (secondary) type, may include a single battery or a few batteries, and may use various chemicals for the electro-chemical cells, such as lithium, alkaline and nickel-cadmium. Common batteries are manufactured in pre-defined standard output voltages (1.5, 3, 4.5, 9 Volts, for example), as well as defined standard mechanical enclosures (usually defined by letters such as “A”, “AA”, “B”, “C” sizes), and ‘coin’ type. In one embodiment, the battery (or batteries) is held in a battery holder or compartment, and thus can be easily replaced.
(62) In one example, shown in an arrangement 100b in
(63) Alternatively or in addition, part of the modules may be powered from the USB power, while others may use a local powering scheme, for example due to a power consumption beyond the carried USB power specifications. An example is shown as an arrangement 100c in
(64) Each of the modules may be individually and separately enclosed or structured, such as using separate PCBs or separate enclosures for each module. Alternatively or in addition, each of the modules may be implemented as a die (or chip) or as an Integrated Circuit (IC), and may include, or be based on, a PLD. The isolator device 80 may be integrated or embedded, in part or in full, in the peripheral device 72 or in the host device 71. For example, the isolator device 80 may be integrated within the enclosure of computer 11, such as being implemented as circuits mounted on the computer 11 motherboard or PCB along with the processor 12.
(65) Preferably, the isolator device 80 may be enclosed in a single dedicated enclosure. In one example, the isolator device 80 may be implemented in the form of an Integrated Circuit (IC, a.k.a. chip or microchip). Alternatively or in addition, the isolator device 80 may be in the form of a packaged functional assembly of electronic components (module). Such a module may be based on a PCB (Printed Circuit Board) such as a PC Card according to the Personal Computer Memory Card International Association (PCMCIA) PCMCIA 2.0 standard, or a Single In-line Memory Module (SIMM) (or DIMM) which is standardized under the JEDEC JESD-21C standard. Alternatively, the enclosure may be in a PC Card form factor according to PCMCIA 2.0 (or JEIDA 4.1), suitable for mounting into a corresponding PCMCIA-compatible slot, supporting a 16 or 32-bit width interface, and connected via 68-pin connectors. Similarly, CardBus according to PCMCIA 5.0 may be used. In one non-limiting example, the enclosure may be in the form of an SD (Secure Digital) Card, based on the standard by the SD Card Association (SDA), which is commonly used in many small portable devices such as digital video camcorders, digital cameras, audio players and mobile phones. Other types of memory cards may be equally used, such as CompactFlash (CF), MiniSD card, MicroSD Card, and xD-Picture Card.
(66) In one example, the isolator device 80 circuitry uses a dedicated PCB that is enclosed in a protective enclosure, and connects via a PCB-mounted connector such as in PCMCIA or ExpressCard standard expansion cards. Preferably, such a connection supports hot-plugging. The ExpressCard standard specifies two form factors, ExpressCard/34 (34 mm wide) and ExpressCard/54 (54 mm wide, in an L-shape), where the connector is the same on both (34 mm wide). Standard cards are 75 mm long (10.6 mm shorter than CardBus) and 5 mm thick, but may be thicker on sections that extend outside the standard form. The 34 mm slot accepts only 34 mm cards, while the 54 mm slot accepts both 34 mm and 54 mm cards. A diagonal guide in the rear of the 54 mm slot guides 34 mm cards to the connector.
(67) Further, the enclosure form factor may be box-shaped having a protecting enclosure, further having one or more connectors for connecting to the buses for connecting to peripheral device 72 and to the host device 71, using the suitable standard bus connectors. Preferably, the enclosure may be in the form of a separately rigidly enclosed box. Such a box may be configured to be portable, hand-held, to be placed on a desk, or to be wall-mounted. An example for such a box-shaped enclosure 113 is shown in
(68) In one example, the isolator device 80 is packaged in a single enclosure configured to, or shaped as, a ‘thumb drive’, ‘stick’ or ‘dongle’, such as an enclosure 111 shown schematically in a view 110 and pictorially in a view 110a in
(69) Preferably, the monitor module 81b and the host emulator module 81a are communicatively coupled solely over the local bus 83a, which may be a bi-directional bus supporting half-duplex or full-duplex communication. Similarly, the monitor module 81b and the peripheral emulator module 81c are preferably communicatively coupled solely over the local bus 83b, which may be a bi-directional bus supporting half-duplex or full-duplex communication. In one example, the local buses 83a and 83b use different lines or connections for each communication direction, as shown in the arrangement 90 in
(70) An example of such an isolation scheme, assuming that the local buses each include only two connections, based on the arrangement 90 in
(71) Each of the processors (such as the processor 82c in the peripheral emulator module 81c, the processor 82b in the monitor module 81b and the processor 82a in the host emulator module 81a) in the isolator device 80 requires a clock signal for proper operation. Further, a clock signal is required for properly generating and encoding the USB signals to be transmitted over a USB cable, and a clock signal is required for the Phase-Locked-Loop (PLL) operation for properly decoding and detecting the USB signals received over a USB connection. In order to satisfy the requirements of the USB standard, or in order to allow operation at high communication rates, an accurate frequency clock signal is required, such as one generated by a quartz crystal oscillator.
(72) In order to practically provide isolation between the modules, each of the modules is arranged to have a single clock input that is connected to, and serves, all the components and circuits in the module requiring a clock signal.
(73) In one example, a clock distribution network (or clock tree, when this network forms a tree) may be used, where the clock signal is generated by a single oscillator and distributed from a common point to the clock connections of the modules. Such a scheme is shown in an arrangement 130 in
(74) Alternatively or in addition, the electrical isolation between the modules may be enhanced by using distinct and separate clock generation and distribution circuits for each of the modules, as shown in an arrangement 130a in
(75) In order to notify a human user of a status or otherwise alert for any detected or identified event, the user control 88 may include an annunciator, which may be activated by the processor 82b. The annunciator may consist of one or more visual or audible signaling component, or any other devices that indicate a status to the person. The annunciator may include a visual signaling device. In one example, the device illuminates a visible light, such as a Light-Emitting-Diode (LED), or uses a Liquid Crystal Display (LCD) that uses changes in the reflectivity in an applied electric field. The LED may be a multi-color LED, such as LED Part No. 08L5015RGBC available from RSR Electronics, Inc. from NJ, U.S.A., described in data-sheet Multi Color LED Part No. 08L5015RGBC, which is incorporated in its entirety for all purposes as if fully set forth herein.
(76) However, any type of visible electric light emitter, such as a flashlight, an incandescent lamp, or a compact fluorescent lamp, can be used. Multiple light emitters may be used, and the illumination may be steady, blinking or flashing. Further, a single-state visual indicator may be used to provide multiple indications, such as by using different colors (of the same visual indicator), different intensity levels, variable duty-cycle and so forth. Further, the visual signaling may be associated with the isolator device 80 function. Such conceptual relationships may include, for example, the light emitters' brightness, appearance, location, type, color and steadiness that are influenced by the estimated value.
(77) In one example, the annunciator operation is based on a numerical digital display that provides readings in the form of numbers of the estimated value or of any value derived therefrom. For example, the annunciator may use the quadruple digits, seven-segments, LED display Part No.: LTC-3610G available from Lite-On Electronics, Inc., and described in Lite-On Electronics, Inc., Publication BNS-OD-C131/A4 downloaded March 2011, which is incorporated in its entirety for all purposes as if fully set forth herein. Similarly, the annunciator may be based on an alphanumerical digital display that provides readings in the form of characters, including numbers, letters or symbols. For example, the annunciator may use the quadruple digits, seven-segments, LED display Part No.: LTM-8647AC available from Lite-On Electronics, Inc., and described in Lite-On Electronics, Inc., Publication BNS-OD-C131/A4 downloaded March 2011, which is incorporated in its entirety for all purposes as if fully set forth herein.
(78) The invention can be similarly used to display word messages in a variety of fashions and formats, such as scrolling, static, bold, and flashing. The device may further display visual display material beyond words and characters, such as arrows, symbols, ASCII and non-ASCII characters, still images such as pictures and video. The annunciator may use any electronic display or any other output device used for the presentation of visual information. The display may be a digital or analog video display, and may use technologies such as LCD (Liquid Crystal Display), TFT (Thin-Film Transistor), FED (Field Emission Display), CRT (Cathode Ray Tube) or any other electronic screen technology that visually shows information such as graphics or text. In many cases, an adaptor (not shown) is required in order to connect an analog display to the digital data. For example, the adaptor may convert to composite video (PAL, NTSC) or S-Video or HDTV signal. Analog displays commonly use interfaces such as composite video such as NTSC, PAL or SECAM formats. Similarly, analog RGB, VGA (Video Graphics Array), SVGA (Super Video Graphics Array), SCART, S-video and other standard analog interfaces can be used. Further, personal computer monitors, plasma or flat panel displays, CRT, DLP display or a video projector may be equally used. Standard digital interfaces such as an IEEE1394 interface, also known as FireWire™, may be used. Other digital interfaces that can be used are USB, SDI (Serial Digital Interface), FireWire, HDMI (High-Definition Multimedia Interface), DVI (Digital Visual Interface), UDI (Unified Display Interface), DisplayPort, Digital Component Video and DVB (Digital Video Broadcast).
(79) In one example, the annunciator affects sound or music generation. The estimated value may be associated with a musical tune (or a tone) or any other single sound, which is played upon activation of the annunciator. The annunciator may include an audible signaling device (sounder) that emits audible sounds that can be heard by a human (having frequency components in the 20-20,000 Hz band). In one example, the device is a buzzer (or beeper), a chime, a whistle or a ringer. Buzzers are known in the art, and are either electromechanical or ceramic-based piezoelectric sounders that make a high-pitch noise. The sounder may emit a single or multiple tones, and can be in continuous or intermittent operation. In another example, the sounder simulates the voice of a human being or generates music, typically by using an electronic circuit having a memory for storing the sounds (e.g., click, gong, music, song, voice message, etc.), a digital to analog converter to reconstruct the electrical representation of the sound, and a driver for driving a loudspeaker, which is an electro-acoustical transducer that converts an electrical signal to sound. An example of a greeting card providing music and mechanical movement is disclosed in U.S. Patent Application 2007/0256337 to Segan entitled: “User Interactive Greeting Card”, which is incorporated in its entirety for all purposes as if fully set forth herein. A ‘Gong’ sound may be generated using SAE 800 from Siemens, described in Data-sheet “Programmable Single-/Dual-/Triple-Tone Gong, SAE 800, Siemens semiconductor Group, 02.05”, which is incorporated in its entirety for all purposes as if fully set forth herein.
(80) In one example, a talking human voice is played by the annunciator. The sound may be a syllable, a word, a phrase, a sentence, a short story or a long story, and can be based on speech synthesis or pre-recorded. A male or female voice can be used, being young or old. The text sounded is preferably associated with the shape or theme. For example, an estimated value of the system, or a quality-associated value derived therefrom, can be heard, such as ‘good’, ‘not in field’ and ‘low quality’.
(81) A tone, voice, melody or song sounder typically contains a memory storing a digital representation of the pre-recorded or synthesized voice or music, a digital to analog (D/A) converter for creating an analog signal, a speaker and a driver for feeding the speaker. An annunciator, which includes a sounder, may be based on Holtek HT3834 CMOS VLSI Integrated Circuit (IC) named ‘36 Melody Music Generator’ available from Holtek Semiconductor Inc., headquartered in Hsinchu, Taiwan, and described with application circuits in a data sheet Rev. 1.00 dated Nov. 2, 2006, which is incorporated in its entirety for all purposes as if fully set forth herein.
(82) Similarly, the sounder may be based on EPSON 7910 series ‘Multi-Melody IC’ available from Seiko-Epson Corporation, Electronic Devices Marketing Division located in Tokyo, Japan, and described with application circuits in a data sheet PF226-04 dated 1998, which is incorporated in its entirety for all purposes as if fully set forth herein. A human voice synthesizer may be based on Magnevation SpeakJet chip available from Magnevation LLC and described in ‘Natural Speech & Complex Sound Synthesizer’ described in User's Manual Revision 1.0 Jul. 27, 2004, which is incorporated in its entirety for all purposes as if fully set forth herein. A general audio controller may be based on OPTi 82C931 ‘Plug and Play Integrated Audio Controller’ described in Data Book 912-3000-035 Revision: 2.1 published on Aug. 1, 1997, which is incorporated in its entirety for all purposes as if fully set forth herein. Similarly, a music synthesizer may be based on YMF721 OPL4-ML2 FM+Wavetable Synthesizer LSI available from Yamaha Corporation described in YMF721 Catalog No. LSI-4MF721A20, which is incorporated in its entirety for all purposes as if fully set forth herein.
(83) Some examples of devices that include generation of an audio signal such as music are disclosed in U.S. Pat. No. 4,496,149 to Schwartzberg entitled: “Game Apparatus Utilizing Controllable Audio Signals”, in U.S. Pat. No. 4,516,260 to Breedlove et al. entitled: “Electronic Learning Aid or Game having Synthesized Speech”, in U.S. Pat. No. 7,414,186 to Scarpa et al. entitled: “System and Method for Teaching Musical Notes”, in U.S. Pat. No. 4,968,255 to Lee et al. entitled: “Electronic Instructional Apparatus”, in U.S. Pat. No. 4,248,123 to Bunger et al. entitled: “Electronic Piano” and in U.S. Pat. No. 4,796,891 to Milner entitled: “Musical Puzzle Using Sliding Tiles”, and toys with means for synthesizing human voice are disclosed in U.S. Pat. No. 6,527,611 to Cummings entitled: “Place and Find Toy”, and in U.S. Pat. No. 4,840,602 to Rose entitled: “Talking Doll Responsive to External Signal”, which are all incorporated in their entirety for all purposes as if fully set forth herein.
(84) Further, the user control 88 may be used for sending the notification or alert to a user. The notification to the user device may be text based, such as an electronic mail (e-mail), website content, fax, or a Short Message Service (SMS). Alternatively or in addition, the notification or alert to the user device may be voice-based, such as a voicemail or a voice message to a telephone device. Alternatively or in addition, the notification or the alert to the user device may activate a vibrator, causing vibrations that are felt by a human body touching the device, or may be based on a Multimedia Message Service (MMS) or Instant Messaging (IM). The messaging, alerting, and notifications may be based on, include part of, or may be according to U.S. Patent Application No. 2009/0024759 to McKibben et al. entitled: “System and Method for Providing Alerting Services”, U.S. Pat. No. 7,653,573 to Hayes, Jr. et al. entitled: “Customer Messaging Service”, U.S. Pat. No. 6,694,316 to Langseth et al. entitled: “System and Method for a Subject-Based Channel Distribution of Automatic, Real-Time Delivery of Personalized Informational and Transactional Data”, U.S. Pat. No. 7,334,001 to Eichstaedt et al. entitled: “Method and System for Data Collection for Alert Delivery”, U.S. Pat. No. 7,136,482 to Wille entitled: “Progressive Alert Indications in a Communication Device”, U.S. Patent Application No. 2007/0214095 to Adams et al. entitled: “Monitoring and Notification System and Method”, U.S. Patent Application No. 2008/0258913 to Busey entitled: “Electronic Personal Alert System”, or U.S. Pat. No. 7,557,689 to Seddigh et al. entitled: “Customer Messaging Service”, which are all incorporated in their entirety for all purposes as if fully set forth herein.
(85) The monitor module 81b may comprise a sensor 65 having an output coupled to the processor 82b and responsive to a physical phenomenon. The sensor 65 may provide an electrical output signal in response to a physical, chemical, biological or any other phenomenon, serving as a stimulus to the sensor. The sensor may serve as, or be, a detector, for detecting the presence of the phenomenon. Alternatively or in addition, a sensor may measure (or respond to) a parameter of a phenomenon or a magnitude of the physical quantity thereof. For example, the sensor 65 may be a thermistor or a platinum resistance temperature detector, a light sensor, a pH probe, a microphone for audio receiving, or a piezoelectric bridge. Any element capable of measuring or responding to a physical phenomenon may be used as a sensor. An appropriate sensor may be adapted for a specific physical phenomenon, such as a sensor responsive to temperature, humidity, pressure, audio, vibration, light, motion, sound, proximity, flow rate, electrical voltage, and electrical current.
(86) In the case of a changing-characteristic sensor or in the case of an active sensor, the unit may include an excitation or measuring circuit (such as a bridge) to generate the sensor electrical signal. The sensor output signal may be conditioned by a signal conditioning circuit. The signal conditioner may involve time, frequency, or magnitude related manipulations. The signal conditioner may be linear or non-linear, and may include an operational or an instrumentation amplifier, a multiplexer, a frequency converter, a frequency-to-voltage converter, a voltage-to-frequency converter, a current-to-voltage converter, a current loop converter, a charge converter, an attenuator, a sample-and-hold circuit, a peak-detector, a voltage or current limiter, a delay line or circuit, a level translator, a galvanic isolator, an impedance transformer, a linearization circuit, a calibrator, a passive or active (or adaptive) filter, an integrator, a deviator, an equalizer, a spectrum analyzer, a compressor or a de-compressor, a coder (or decoder), a modulator (or demodulator), a pattern recognizer, a smoother, a noise remover, an averaging or RMS circuit, or any combination thereof. In the case of an analog sensor, an analog to digital (A/D) converter may be used to convert the conditioned sensor output signal to digital sensor data. The unit may include a computer for controlling and managing the unit operation, processing the digital sensor data and handling the unit communication. The unit may include a modem or transceiver coupled to a network port (such as a connector or antenna), for interfacing and communicating over a network.
(87) The sensor 65 may be an analog sensor having an analog signal output such as analog voltage or current, or may have continuously variable impedance. Alternatively or in addition, the sensor 65 may have a digital signal output. A sensor may serve as a detector, notifying only the presence of a phenomenon, such as by a switch, and may use a fixed or settable threshold level. A sensor may measure time-dependent or space-dependent parameters of a phenomenon. A sensor may measure time-dependencies of a phenomenon such as the rate of change, time-integrated or time-averaged value, duty-cycle, frequency or time period between events. A sensor may be a passive sensor, or an active sensor requiring an external source of excitation. The sensor may be semiconductor-based, and may be based on MEMS technology.
(88) The sensor 65 may be a motion detector or an occupancy sensor. A motion detector is a device for motion detection that contains a physical mechanism or electronic sensor that quantifies motion, commonly in order to alert the user of the presence of a moving object within the field of view, or in general to confirm a change in the position of an object relative to its surroundings or a change in the surroundings relative to an object. The object may be the peripheral device 72. This detection can be achieved by both mechanical and electronic methods. In addition to discrete, on or off motion detection, it can also consist of magnitude detection that can measure and quantify the strength or speed of this motion or of the object that created it. Motion can typically be detected by sound (acoustic sensors), opacity (optical and infrared sensors and video image processors), geomagnetism (magnetic sensors, magnetometers), a reflection of the transmitted energy (infrared laser radar, ultrasonic sensors, and microwave radar sensors), electromagnetic induction (inductive-loop detectors), and vibration (triboelectric, seismic, and inertia-switch sensors). Acoustic sensors are based on the electret effect, inductive coupling, capacitive coupling, the triboelectric effect, the piezoelectric effect, and fiber optic transmission. Radar intrusion sensors usually have the lowest rate of false alarms. In one example, an electronic motion detector contains a motion sensor that transforms the detection of motion into an electrical signal. This can be achieved by measuring optical or acoustical changes in the field of view. Most motion detectors can detect up to 15-25 meters (50-80 ft.). An occupancy sensor is typically a motion detector that is integrated with a hardware- or software-based timing device. For example, it can be used for preventing illumination of unoccupied spaces, by sensing when motion has stopped for a specified time period, in order to trigger a light extinguishing signal.
(89) One basic form of mechanical motion detection is a mechanically-actuated switch or trigger. For electronic motion detection, passive or active sensors may be used, where four types of sensors are commonly used in motion detectors: passive infrared sensors, which look for body heat while emitting no energy from the sensor; ultrasonic (active) sensors, which send out pulses of ultrasonic waves and measure the reflection off a moving object; microwave (active) sensors, which send out microwave pulses and measure the reflection off a moving object; and tomographic detectors (active), which sense disturbances to radio waves as they travel through an area surrounded by mesh network nodes. Alternatively or in addition, motion can be electronically identified using optical detection or acoustical detection. Infrared light or laser technology may be used for optical detection. Motion detection devices, such as PIR (Passive Infrared Sensor) motion detectors, have a sensor that detects a disturbance in the infrared spectrum, such as a person or an animal.
(90) Many motion detectors use a combination of different technologies. These dual-technology detectors benefit from each type of sensor, and false alarms are reduced. The sensors can be strategically placed to lessen the chance of pets activating alarms. Often, PIR technology will be paired with another model to maximize accuracy and reduce energy usage. PIR draws less energy than microwave detection, and so many sensors are calibrated so that when the PIR sensor is tripped, it activates a microwave sensor. If the latter also picks up an intruder, then the alarm is sounded. As interior motion detectors do not ‘see’ through windows or walls, motion-sensitive outdoor lighting is often recommended to enhance comprehensive efforts to protect a property. Some applications of motion detection are (a) detection of unauthorized entry, (b) detection of cessation of occupancy of an area to extinguish lights and (c) detection of a moving object, which triggers a camera to record subsequent events.
(91) The sensor 65 may be a CCD or CMOS based image sensor, for capturing still or video images. The image capturing hardware integrated with the unit may contain a photographic lens (through a lens opening) focusing the required image onto an image sensor. The image may be converted into a digital format by an image sensor AFE (Analog Front End) and an image processor. An image or video compressor for compression of the image information may be used for reducing the memory size and reducing the data rate required for the transmission over the communication medium. Similarly, the sensor may be a voice sensor such as a microphone, and may similarly include a voice processor or a voice compressor (or both). The image or voice compression may be standard or proprietary, may be based on intraframe or interframe compression, and may be lossy or non-lossy compression.
(92) The sensor may be a thermoelectric sensor, for measuring, sensing or detecting the temperature (or the temperature gradient) of an object, which may be solid, liquid or gas. Such a sensor may be a thermistor (either PTC or NTC), a thermocouple, a quartz thermometer, or an RTD. The object may be the peripheral device 72. The sensor may be based on a Geiger counter for detecting and measuring radioactivity or any other nuclear radiation. Light, photons, or other optical phenomena may be measured or detected by a photosensor or photodetector, used for measuring the intensity of visible or invisible light (such as infrared, ultraviolet, X-ray or gamma rays). A photosensor may be based on the photoelectric or the photovoltaic effect, such as a photodiode, a phototransistor, a solar cell or a photomultiplier tube. A photosensor may be a photoresistor based on photoconductivity, or a CCD where a charge is affected by the light. The sensor may be an electrochemical sensor used to measure, sense, or detect a material's structure, properties, composition, and reactions, such as a pH meter, gas detector, or gas sensor. Using semiconductors, oxidation, catalytic, infrared or other sensing or detection mechanisms, the gas detector may be used to detect the presence of a gas (or gases) such as hydrogen, oxygen or CO. The sensor may be a smoke detector for detecting smoke or fire, typically by optical detection (photoelectric) or by a physical process (ionization).
(93) A sensor may be an image sensor for providing digital camera functionality, allowing an image (either as still images or as a video) to be captured, stored, manipulated and displayed. The image capturing hardware integrated with the sensor unit may contain a photographic lens (through a lens opening) focusing the required image onto a photosensitive image sensor array disposed approximately at an image focal point plane of the optical lens, for capturing the image and producing electronic image information representing the image. The image sensor may be based on Charge-Coupled Devices (CCD) or Complementary Metal-Oxide-Semiconductor (CMOS). The image may be converted into a digital format by an image sensor AFE (Analog Front End) and an image processor, commonly including an analog to digital (A/D) converter coupled to the image sensor for generating a digital data representation of the image. The unit may contain a video compressor, coupled between the analog to digital (A/D) converter and the transmitter, for compressing the digital video data before transmission to the communication medium. The compressor may be used for lossy or non-lossy compression of the image information, for reducing the memory size and reducing the data rate required for the transmission over the communication medium. The compression may be based on a standard compression algorithm such as JPEG (Joint Photographic Experts Group) and MPEG (Moving Picture Experts Group), ITU-T H.261, ITU-T H.263, ITU-T H.264, or ITU-T CCIR 601.
(94) The image processor may output a digital data video signal carrying digital video data according to a digital video format, and a transmitter may be coupled between the port and the image processor for transmitting the digital data video signal to the communication medium. The digital video format may be based on one out of: TIFF (Tagged Image File Format), RAW format, AVI (Audio Video Interleaved), DV, MOV, WMV, MP4, DCF (Design Rule for Camera Format), ITU-T H.261, ITU-T H.263, ITU-T H.264, ITU-T CCIR 601, ASF, Exif (Exchangeable Image File Format), and DPOF (Digital Print Order Format) standards.
(95) The sensor 65 may be an electroacoustic sensor that responds to sound waves (which are essentially vibrations transmitted through an elastic solid or a liquid or gas), such as a microphone, which converts sound into electrical energy, usually by means of a ribbon or diaphragm set into motion by the sound waves. The sound may be audio or audible, having frequencies in the approximate range of 20 to 20,000 hertz, capable of being detected by human organs of hearing. Alternatively or in addition, the microphone may be used to sense inaudible frequencies, such as ultrasonic (a.k.a. ultrasound) acoustic frequencies that are above the range audible to the human ear, or above approximately 20,000 Hz. A microphone may be a condenser microphone (a.k.a. capacitor or electrostatic microphone) where the diaphragm acts as one plate of a two-plate capacitor, and the vibrations change the distance between the plates, hence changing the capacitance.
(96) An electret microphone is a capacitor microphone based on a permanent charge of an electret or a polarized ferroelectric material. A dynamic microphone is based on electromagnetic induction, using a diaphragm attached to a small movable induction coil that is positioned in a magnetic field of a permanent magnet. The incident sound waves cause the diaphragm to vibrate, and the coil to move in the magnetic field, producing a current. Similarly, a ribbon microphone uses a thin, usually corrugated metal ribbon suspended in a magnetic field, and its vibration within the magnetic field generates the electrical signal. A loudspeaker is commonly constructed similar to a dynamic microphone, and thus may be used as a microphone as well. In a carbon microphone, the diaphragm vibrations apply varying pressure to a carbon, thus changing its electrical resistance. A piezoelectric microphone (a.k.a. crystal or piezo microphone) is based on the phenomenon of piezoelectricity in piezoelectric crystals such as potassium sodium tartrate. A microphone may be omnidirectional, unidirectional, bidirectional, or provide other directionality or polar patterns.
(97) The term ‘message’ is used herein to include any type of information or one or more datagrams, handled singly, as a set, or as a group of datagrams. The datagram may be a packet or a frame, or any other type of group of data bytes (or bits) which represents an information unit.
(98) A general state diagram 140 of the operation of the peripheral emulator module 81c, that may be executed by the processor 82c under instructions stored in the memory 84c, is shown in
(99) A general state diagram 140a of the operation of the host emulator module 81a, that may be executed by the processor 82a under instructions stored in the memory 84a, is shown in
(100) A general flow chart 150 of the operation of the monitor module 81b, that may be executed by the processor 82b under instructions stored as part of the isolation application 86b in the memory 84b, is shown in
(101) In one example, a memory in the monitor module 81b (such as the memory 84b) includes a database of potential USB HID classes, where each HID class is associated with a set of criteria defining normal, regular, conventional, or any other non-suspected or non-malware associated activities, interactions, or messages. Upon connecting a USB peripheral device 72 and identifying the device HID class, the set of criteria associated with the detected HID class is applied, and the peripheral device activity is checked using that set of criteria.
(102) Upon receiving a message, such as in the case of using an input device by a person (e.g., typing on a keyboard or moving a pointing device), the message is checked as part of an “Analyze Message” step 153. In this step, a single piece of information, such as the received message or a single part thereof, is checked, such as a character, string, word, or a single file. The analysis may apply a black-list (blacklist) or a white-list (whitelist) concept (or both). A blacklist is a list of entries, such that upon being detected in the message (or part thereof), renders the component as “suspected”, while the lack of such entries may render the component as “legitimate”. Conversely or in addition, a white-list concept may be applied, referring to a list of entries that upon being detected in the message (or part thereof), renders the component as “legitimate”, while the lack thereof may render the component as “suspected”.
(103) An interface standard is typically a generally accepted technical document describing one or more functional characteristics or physical characteristics necessary to allow the exchange of information between two or more (usually different) systems or pieces of equipment, commonly in order for a device from one vendor to interact, communicate, or interface with another device of another vendor. In particular, standards may define a list of the messages (such as opcodes or characters) and their related functionality, allowing an application (provided by one vendor) to effectively use, and interface with, a peripheral provided by another vendor. In one example, a peripheral device operation is associated with an industry standard defining the messages and their meaning. For example, keyboards are known to provide characters according to the ASCII code. In such a case, the black list may include a list of characters that are not used, or are not defined, by the appropriate standard. Alternatively or in addition, the black list may include messages defined by the standard as ‘reserved’ or ‘vendor use only’. Alternatively or in addition, the black list may include messages (or part thereof) that are rarely used, such as various control characters that exist for legacy support purposes, or are applicable only to special scenarios. Alternatively or in addition, the black list may include messages (or part thereof) that are not relevant to a specific organization, a specific individual human, or a group of people. For example, when using a keyboard, an organization located and active only in the US may include in the black list characters of languages that are not used by anyone in that organization.
(104) In one example, the message (or a part thereof) may consist of, include, or may be associated with a numerical value, which may be an indication of a quantity. In such a case, the numeric value may be compared to a preset threshold. The threshold may be a maximum value, whereupon a component related numerical value exceeding the threshold is determined as ‘suspected’, while a numerical value below the threshold is determined as ‘legitimate’. Alternatively or in addition, the threshold may be a minimum value, whereupon a component related numerical value exceeding the threshold is determined as ‘legitimate’, while a numerical value below the threshold is determined as ‘suspected’.
(105) For example, a component numerical parameter may be associated with a date. A threshold may be used in order to identify invalid dates, and such a component will be considered as ‘suspected’. For example, a day of the month is limited to 31 (or less, according to the month), and a month is limited to 12. For example, a component associated with a date of 2014-10-45 (assuming YYYY-MM-DD format), denoting the 45th day of October in the year 2014, is considered as ‘suspected’, since the day value exceeds 31. Similarly, a component associated with a date of 2014-14-31 is considered as ‘suspected’, since the month value exceeds 12. Conversely, dates such as 2014-10-31 or 2015-1-31 are considered as ‘legitimate’. Further, a minimum threshold of “1” may be used, thus rendering dates such as 2013-0-15, 2012-8-0, or 0-0-0 as ‘suspected’. Further, dates that are after the current date, such as a component associated with the date 2245-3-6, may as well be rendered as ‘suspected’.
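The threshold scheme of paragraphs (104) and (105), carried out on the date example, as an added illustration in C that is not part of the patent text. The minimum threshold of 1 applies to every field, the maximum of 12 to the month, and the day maximum depends on the month (including the leap-year rule for February, which goes slightly beyond the text's "31 or less"); the reference "current date" used for the future-date check is a constructed placeholder, and all function and type names are hypothetical.

```c
#include <stdbool.h>

/* Verdict of the numeric-threshold check on a date-valued component. */
typedef enum { DATE_LEGITIMATE = 0, DATE_SUSPECTED = 1 } date_verdict_t;

typedef struct { int year, month, day; } ymd_t;

/* Reference "current date" for the future-date test (constructed placeholder). */
static const ymd_t TODAY = { 2015, 6, 1 };

/* Month-dependent maximum for the day field; February follows the leap-year rule. */
static int days_in_month(int year, int month) {
    static const int table[12] = {31,28,31,30,31,30,31,31,30,31,30,31};
    if (month < 1 || month > 12) return 0;
    if (month == 2) {
        bool leap = (year % 4 == 0 && year % 100 != 0) || (year % 400 == 0);
        return leap ? 29 : 28;
    }
    return table[month - 1];
}

/* Compare two dates: negative if a is earlier than b, zero if equal, positive if later. */
static int ymd_cmp(ymd_t a, ymd_t b) {
    if (a.year != b.year) return a.year - b.year;
    if (a.month != b.month) return a.month - b.month;
    return a.day - b.day;
}

/* Thresholds applied in order: minimum of 1 on every field, maximum of 12 on the
   month, a month-dependent maximum on the day, and "not after the current date". */
date_verdict_t analyze_date(ymd_t d, ymd_t today) {
    if (d.year < 1 || d.month < 1 || d.day < 1) return DATE_SUSPECTED; /* minimum threshold */
    if (d.month > 12) return DATE_SUSPECTED;                             /* maximum threshold */
    if (d.day > days_in_month(d.year, d.month)) return DATE_SUSPECTED;  /* month-dependent maximum */
    if (ymd_cmp(d, today) > 0) return DATE_SUSPECTED;                    /* future date */
    return DATE_LEGITIMATE;
}

/* Convenience wrapper using the constructed reference date. */
date_verdict_t analyze_date_now(int year, int month, int day) {
    ymd_t d = { year, month, day };
    return analyze_date(d, TODAY);
}
```

Passing the reference date in explicitly keeps the check deterministic, which matters both for testing the policy and for a device whose only clock is the free-running timer described later; a firmware port would substitute the real-time clock value for the placeholder.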
(106) In one example, the black list includes a list of HID classes, such as all input devices, or even a list limited to keyboards only. Hence, upon connecting a peripheral device having an HID class that is in the black-list, a ‘suspected’ state may be assumed.
(107) In case a message is found ‘suspected’ as part of the “Analyze Message” step 153, such as when the intercepted message is found to be in the black-list associated with the peripheral device 72 HID class, the monitor module 81b assumes that there is a threat relating to the peripheral device 72 operation, and next performs a “Corrective Actions” step 158 that further handles and mitigates the threat and its consequences. In a case where the message was found to be “Legitimate”, such as when the intercepted message is found to be in the white-list (or not in the black list) associated with the peripheral device 72 HID class, an “Analyze Sequence” step 154 is executed.
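The per-class criteria database of paragraph (101), the black-list and white-list checks of paragraphs (102) and (103), and the class-level black-list of paragraph (106), combined into the decision of the “Analyze Message” step as an added example in C that is not part of the patent. The HID class numbering, the policy entries and the character lists are constructed for illustration (they are not the USB-IF class codes or any real organization's policy), and every function and type name is hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

/* Verdict produced by the "Analyze Message" step. */
typedef enum { LEGITIMATE = 0, SUSPECTED = 1 } verdict_t;

/* Hypothetical HID class identifiers (illustrative numbering, not USB-IF codes). */
typedef enum { HID_KEYBOARD = 1, HID_MOUSE = 2, HID_GAMEPAD = 3 } hid_class_t;

/* Per-class policy record from the criteria database: is the class blocked outright? */
typedef struct {
    hid_class_t cls;
    bool        class_blacklisted;
} class_policy_t;

/* Constructed database: this host expects keyboards and mice, not gamepads. */
static const class_policy_t policy_db[] = {
    { HID_KEYBOARD, false },
    { HID_MOUSE,    false },
    { HID_GAMEPAD,  true  },
};

/* Keyboard white-list: printable ASCII plus the few control characters a person
   actually types (backspace, tab, line feed, carriage return, escape). Legacy control
   codes and 8-bit values undefined by ASCII fall outside it. */
static bool kbd_char_whitelisted(uint8_t c) {
    if (c >= 0x20 && c <= 0x7E) return true;
    switch (c) {
        case 0x08: case 0x09: case 0x0A: case 0x0D: case 0x1B: return true;
        default: return false;
    }
}

/* Explicit black-list, checked first: constructed entries standing in for characters
   "not used by anyone in that organization" (here NUL and DEL). */
static const uint8_t kbd_blacklist[] = { 0x00, 0x7F };

static bool kbd_char_blacklisted(uint8_t c) {
    for (size_t i = 0; i < sizeof kbd_blacklist; i++)
        if (kbd_blacklist[i] == c) return true;
    return false;
}

/* Class-level check: a class absent from the database is treated as suspected. */
verdict_t analyze_class(hid_class_t cls) {
    for (size_t i = 0; i < sizeof policy_db / sizeof policy_db[0]; i++)
        if (policy_db[i].cls == cls)
            return policy_db[i].class_blacklisted ? SUSPECTED : LEGITIMATE;
    return SUSPECTED;
}

/* Message-level check on a keyboard message (a run of character codes): one bad
   character is enough to mark the whole message suspected. */
verdict_t analyze_keyboard_message(const uint8_t *msg, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (kbd_char_blacklisted(msg[i])) return SUSPECTED;
        if (!kbd_char_whitelisted(msg[i])) return SUSPECTED;
    }
    return LEGITIMATE;
}

/* Combined decision: class first, then the message content for classes that have
   a character policy. A SUSPECTED result is what routes to "Corrective Actions". */
verdict_t analyze_message(hid_class_t cls, const uint8_t *msg, size_t len) {
    if (analyze_class(cls) == SUSPECTED) return SUSPECTED;
    if (cls == HID_KEYBOARD) return analyze_keyboard_message(msg, len);
    return LEGITIMATE;
}
```

Checking the black-list before the white-list lets an administrator forbid a character that the standard otherwise defines as normal, which is the "not relevant to a specific organization" case; an unknown class defaults to suspected so that a device the database never anticipated cannot pass by omission.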
(108) As part of the “Analyze Sequence” step 154, a group of the most recent messages is checked as a group. Earlier messages that were stored as part of the “Store Message” step 157 may be fetched from the respective memory to form the message sequence to be analyzed.
(109) In one example, the sequence is checked versus time, using a timer. Any timer for measuring time intervals may be used. It may be hardware based, typically a digital counter that increments or decrements at a fixed (often configurable) frequency and interrupts the processor when reaching zero, or alternatively a counter with a sufficiently large word size that it will not reach its limit before the end of life of the system. Alternatively or in addition, a software-based timer may be used, for example implemented by the processor 82b, typically as a service of the operating system. Typically, the time measurement is based on the clock signal provided to the processor.
(110) In one example, the sequence includes two consecutive messages, and the time interval between the two messages is measured by the timer. Alternatively or in addition, the time interval between the start of the first message in the sequence and the end of the last message is measured by the timer, further allowing a rate of sequence receipt to be calculated (i.e., in messages per second or bits per second). The measured time interval (or the calculated rate) may be compared to a preset threshold. The threshold may be a maximum value, whereupon a measured time (or rate) exceeding the threshold is determined as ‘suspected’, while a measured time (or rate) below the threshold is determined as ‘legitimate’. Alternatively or in addition, the threshold may be a minimum value, whereupon a measured time (or rate) exceeding the threshold is determined as ‘legitimate’, while a measured time (or rate) below the threshold is determined as ‘suspected’. Such a timing measurement may be used to ascertain that the input device is indeed operated by a human and is not an automaton. In the example of a keyboard as an input device, human typing speed is estimated to be in the 10-80 Words Per Minute (wpm) range, hence a measured rate not in this range, such as 100 wpm, may be considered ‘suspected’.
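The typing-rate check above, worked through on USB boot-keyboard reports, as an added example that is not part of the patent. The 10-80 wpm band comes from the text; the five-characters-per-word convention, the report samples and the timer values are assumptions made for the illustration. Key presses are recovered from the reports themselves (a keycode that was absent in the previous report), so held keys and chords are counted once:

```python
"""Timing check over a sequence of USB HID boot-keyboard reports."""
from typing import Iterable, List, Optional, Tuple

HUMAN_WPM_MIN = 10.0      # human typing range given in the text
HUMAN_WPM_MAX = 80.0
CHARS_PER_WORD = 5        # assumption: the usual convention behind wpm figures

# (seconds from the isolator's own timer, 8-byte boot-protocol keyboard report)
Report = Tuple[float, bytes]


def key_presses(reports: Iterable[Report]) -> List[float]:
    """Timestamps of key-down events. Boot report layout: byte 0 modifiers,
    byte 1 reserved, bytes 2..7 up to six keycodes currently held. A key
    counts as pressed when its keycode appears and was absent in the
    previous report."""
    presses: List[float] = []
    held: set = set()
    for t, rpt in reports:
        if len(rpt) != 8:
            raise ValueError("boot keyboard report must be 8 bytes")
        now = {k for k in rpt[2:8] if k != 0}
        presses.extend([t] * len(now - held))
        held = now
    return presses


def typing_rate_wpm(presses: List[float]) -> Optional[float]:
    """Words per minute over the span from the first to the last key press
    (the text's start-of-first to end-of-last interval). None when there are
    too few events to measure anything."""
    if len(presses) < 2:
        return None
    span = presses[-1] - presses[0]
    if span <= 0:
        return float("inf")       # several presses in the same instant
    return (len(presses) / CHARS_PER_WORD) / (span / 60.0)


def classify_timing(reports: Iterable[Report]) -> str:
    rate = typing_rate_wpm(key_presses(reports))
    if rate is None:
        return "legitimate"       # nothing to judge yet; later messages extend the sequence
    return "legitimate" if HUMAN_WPM_MIN <= rate <= HUMAN_WPM_MAX else "suspected"


def report(*keycodes: int) -> bytes:
    """Build a boot report with the given keycodes held (constructed helper)."""
    buf = bytearray(8)
    for i, code in enumerate(keycodes[:6]):
        buf[2 + i] = code
    return bytes(buf)


# Constructed sample: 'abcdef' typed by a person, one press and release every 0.5 s.
HUMAN_TYPING: List[Report] = []
for i, code in enumerate(range(0x04, 0x0A)):
    HUMAN_TYPING.append((i * 0.5, report(code)))
    HUMAN_TYPING.append((i * 0.5 + 0.1, report()))

# Constructed sample: the same six keys injected 10 ms apart by an automaton.
INJECTED: List[Report] = []
for i, code in enumerate(range(0x04, 0x0A)):
    INJECTED.append((i * 0.01, report(code)))
    INJECTED.append((i * 0.01 + 0.005, report()))
```

The human sample works out to 28.8 wpm and passes; the injected one to 1440 wpm and is blocked. A sequence of a single press is reported as legitimate only because it cannot be measured yet, which is why the window should be re-evaluated as further reports arrive.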
(111) Alternatively or in addition, known problematic patterns, such as patterns known to originate from malware, may be detected by applying a pattern-matching algorithm to the message sequence, and such patterns may be identified as suspected. Further, an anomaly detection (or outlier detection) scheme may be used, based on identification of opcodes which do not conform to an expected pattern or to other items in a dataset, and typically the anomalous opcode (or sequence) is declared as suspected. Several categories of anomaly detection techniques exist, all of which may be used to analyze sequences. For example, unsupervised anomaly detection techniques detect anomalies in an unlabeled test data set under the assumption that the majority of the instances in the data set are normal, by looking for instances that seem to fit least with the remainder of the data set. Supervised anomaly detection techniques require a data set that has been labeled as “normal” and “abnormal”, and involve training a classifier (the key difference from many other statistical classification problems is the inherently unbalanced nature of outlier detection). Semi-supervised anomaly detection techniques construct a model representing normal behavior from a given normal training data set, and then test the likelihood of a test instance being generated by the learned model. The anomaly detection may further be based on, or use, one or more of the schemes described in the University of Minnesota Technical Report TR 07-017 entitled: “Anomaly Detection: A Survey”, by Varun Chandola, Arindam Banerjee, and Vipin Kumar, dated Aug. 15, 2007, which is incorporated in its entirety for all purposes as if fully set forth herein.
(112) Alternatively or in addition to the examples herein regarding analyzing the content of a message or of a sequence of messages, the format or file structure of a group of messages may equally be analyzed against a pre-set criterion or criteria. In one example, the peripheral device 72 is a video camera, outputting a video data stream in an MPEG-2 or MPEG-4 format. In this case, the message sequence carrying the video stream may be analyzed to verify that its data rate is within a specified limit. Further, the received messages may be checked to be in the form of the expected MPEG-2 or MPEG-4 standard, and in the case no match is found, the data stream is considered ‘suspected’.
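The format check and the data-rate limit of the preceding paragraph, worked through for the MPEG-4 case, as an added example that is not part of the patent. It checks the ISO base media file format container (the box layout of an MP4 stream): sizes must be self-consistent, the stream must open with an ftyp box, and only expected top-level box types are accepted. The accepted box set, the rate limit and the sample streams are assumptions made for the illustration; the samples are structurally valid box sequences, not playable video:

```python
"""Structural check of an MP4 (ISO base media file format) stream plus a data-rate check."""
import struct
from typing import List, Tuple

Box = Tuple[bytes, int, int]   # (type, offset, size)

# Top-level box types this check accepts (assumption: a practical subset).
TOP_LEVEL_BOXES = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"moof", b"mfra", b"sidx", b"uuid"}


def parse_boxes(data: bytes) -> List[Box]:
    """Split a stream into top-level boxes. Header: 4-byte big-endian size and
    4-byte type; size == 1 means a 64-bit largesize follows; size == 0 means
    the box extends to the end of the stream. Any size that does not fit the
    bytes actually received is an error rather than a guess."""
    boxes: List[Box] = []
    off, n = 0, len(data)
    while off < n:
        if n - off < 8:
            raise ValueError("truncated box header at offset %d" % off)
        size, btype = struct.unpack_from(">I4s", data, off)
        header = 8
        if size == 1:
            if n - off < 16:
                raise ValueError("truncated largesize at offset %d" % off)
            size = struct.unpack_from(">Q", data, off + 8)[0]
            header = 16
        elif size == 0:
            size = n - off
        if size < header or off + size > n:
            raise ValueError("box %r at offset %d claims %d bytes" % (btype, off, size))
        boxes.append((btype, off, size))
        off += size
    return boxes


def classify_mp4_stream(data: bytes, seconds: float, max_bps: float) -> Tuple[str, str]:
    """'suspected' on a malformed container, a stream not starting with ftyp,
    an unexpected top-level box, or a data rate above max_bps."""
    try:
        boxes = parse_boxes(data)
    except ValueError as err:
        return "suspected", "malformed container: %s" % err
    if not boxes or boxes[0][0] != b"ftyp":
        return "suspected", "stream does not start with an ftyp box"
    unknown = [t for t, _, _ in boxes if t not in TOP_LEVEL_BOXES]
    if unknown:
        return "suspected", "unexpected top-level box(es): %r" % unknown
    if seconds > 0 and len(data) * 8 / seconds > max_bps:
        return "suspected", "data rate above limit"
    return "legitimate", "ok"


def box(btype: bytes, payload: bytes = b"") -> bytes:
    """Build one box with a 32-bit size field (constructed helper)."""
    return struct.pack(">I4s", 8 + len(payload), btype) + payload


# Constructed samples.
GOOD_STREAM = (box(b"ftyp", b"isom" + struct.pack(">I", 0) + b"isom")
               + box(b"moov") + box(b"mdat", bytes(16)))
TRUNCATED = GOOD_STREAM[:-4]                      # mdat claims more bytes than arrived
NO_FTYP = box(b"mdat", bytes(16)) + box(b"moov")  # payload before the file-type box
ODD_BOX = GOOD_STREAM + box(b"zzzz", b"\x00")     # a box type the policy does not expect
```

The same 52-byte stream passes at 2 seconds and is blocked at 0.1 ms against a 1 Mbit/s limit, which is the rate check alone firing; the other three samples fail on structure regardless of rate.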
(113) Alternatively or in addition, a group of multiple (consecutive or non-consecutive) messages or commands is analyzed together as a set or group, where the criterion is based on checking the order, the order pattern, or the relationships between the messages in the group. For example, if a message of type ‘A’ is expected to appear only after a message of type ‘B’, and in the analyzed group a message ‘A’ appears after a message ‘C’, the group may be classified as ‘suspected’. Further, if a certain message appears multiple times (consecutively or non-consecutively), and such repetition is not legitimate, then such a group may be classified as ‘suspected’. Other variations of analyzing the type, repetition, and order may be used for the analysis.
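The pattern matching of paragraph (111) and the order and repetition checks of paragraph (113), combined into one group analysis over the window of stored messages, as an added example that is not part of the patent. The message types are the abstract labels the text uses; the known-bad signature, the ordering rule and the repetition limits are constructed for the illustration:

```python
"""Group analysis of recent messages: known-bad patterns, ordering rules, repetition."""
from collections import Counter
from typing import Dict, List, Sequence, Set, Tuple

KNOWN_BAD_PATTERNS: List[Tuple[str, ...]] = [("C", "A", "A")]   # constructed signature
MUST_FOLLOW: Dict[str, Set[str]] = {"A": {"B"}}                  # 'A' only directly after 'B'
MAX_RUN = 2                                                      # consecutive repeats allowed
MAX_OCCURRENCES = 3                                              # total repeats per window


def contains_pattern(seq: Sequence[str], pattern: Tuple[str, ...]) -> bool:
    """Exact contiguous match of the pattern anywhere in the sequence."""
    n = len(pattern)
    return any(tuple(seq[i:i + n]) == pattern for i in range(len(seq) - n + 1))


def analyze_sequence(window: Sequence[str], session_start: bool = False) -> Tuple[str, str]:
    """Return ('suspected', reason) or ('legitimate', 'ok') for the window of
    the last N stored messages. The first message of a window normally has a
    predecessor outside the window and is not judged for ordering, unless the
    window really starts the session (session_start=True)."""
    seq = list(window)
    for pat in KNOWN_BAD_PATTERNS:
        if contains_pattern(seq, pat):
            return "suspected", "known bad pattern %s" % (pat,)
    for i, msg in enumerate(seq):
        allowed = MUST_FOLLOW.get(msg)
        if allowed is None:
            continue
        if i == 0:
            if session_start:
                return "suspected", "%s with no preceding message" % msg
            continue
        if seq[i - 1] not in allowed:
            return "suspected", "%s at position %d after %s" % (msg, i, seq[i - 1])
    run = 1
    for i in range(1, len(seq)):
        run = run + 1 if seq[i] == seq[i - 1] else 1
        if run > MAX_RUN:
            return "suspected", "%s repeated %d times in a row" % (seq[i], run)
    for msg, count in Counter(seq).items():
        if count > MAX_OCCURRENCES:
            return "suspected", "%s occurs %d times in window" % (msg, count)
    return "legitimate", "ok"
```

The checks run from most specific (a known signature) to least specific (a count), so the reason reported is the strongest evidence available, which is what the notification step later wants to show.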
(114) In the case a sequence of messages is found ‘suspected’ as part of the “Analyze Sequence” step 154, the monitor module 81b assumes that there is a threat relating to the peripheral device 72 operation, and next performs a “Corrective Actions” step 158 that further handles and mitigates the threat and its consequences. In a case where the sequence was found to be “Legitimate”, an “Analyze Environment” step 155 is executed. As part of this step, a message or a sequence of messages is checked against an environmental condition, which may not be related to the message content.
(115) In one example, the message timing, such as the time of receiving the message, is checked using Time of Day (TOD) information. The time of day, such as hour, day, day of the week, or day of the month, may be obtained using software, or based on an RTC component (or IC) in the monitor module 81b. Since an input peripheral device, and sometimes an output peripheral device, is assumed to be interacting with a human, activity of such an input peripheral device when no human is present is suspected, and may be malware-related activity. For example, an organization employing an isolator device 80 may define specific periods when it is not likely that a human is present and interacting with the input peripheral, such as late at night (e.g., 23:00 to 5:00), weekends, and holidays. Any peripheral device activity in the defined time periods may be assumed ‘suspected’.
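The time-of-day policy above, as an added example that is not part of the patent. The quiet window, weekend days and the single holiday are the constructed policy of the illustration; the one point a practitioner should keep is that the timestamp has to come from the isolator's own clock (the RTC the text mentions), since a clock obtained from the host is under the control of whatever runs there:

```python
"""Environment check: peripheral activity at a time when no human is expected."""
import datetime
from typing import Set, Tuple

# Policy from the text: late night (23:00 to 05:00), weekends and holidays.
QUIET_WINDOWS = ((datetime.time(23, 0), datetime.time(5, 0)),)   # this window crosses midnight
WEEKEND_DAYS = {5, 6}                                              # Saturday, Sunday (Monday is 0)
HOLIDAYS: Set[datetime.date] = {datetime.date(2024, 7, 4)}         # constructed holiday list


def in_window(t: datetime.time, start: datetime.time, end: datetime.time) -> bool:
    """Half-open window [start, end). When end <= start the window wraps past
    midnight, so 23:30 and 04:59 are inside (23:00, 05:00) but 05:00 is not."""
    if start < end:
        return start <= t < end
    return t >= start or t < end


def classify_time(when: datetime.datetime) -> Tuple[str, str]:
    """'when' is read from the isolator's own RTC, not from the host."""
    if when.date() in HOLIDAYS:
        return "suspected", "activity on a holiday"
    if when.weekday() in WEEKEND_DAYS:
        return "suspected", "activity on a weekend"
    for start, end in QUIET_WINDOWS:
        if in_window(when.time(), start, end):
            return "suspected", "activity during quiet hours %s-%s" % (
                start.strftime("%H:%M"), end.strftime("%H:%M"))
    return "legitimate", "ok"


def classify_timestamp(iso: str) -> str:
    """Convenience wrapper taking 'YYYY-MM-DD HH:MM' text."""
    return classify_time(datetime.datetime.fromisoformat(iso))[0]
```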
(116) Alternatively or in addition, the sensor 65 is used to sense the presence of a human body. Such a scheme is pictorially shown as an arrangement 160 in
(117) Alternatively or in addition, the sensor 65 may be used to sense a physical phenomenon produced by the peripheral device 72 as part of its operation, and the monitor module 81b may check the correlation between the messaging activity of the peripheral device 72 and the sensed physical phenomenon sensed by the sensor 65. Such a scheme is pictorially shown as an arrangement 160a in
(118) In the case an environment check is found ‘suspected’ as part of the “Analyze Environment” step 155, the monitor module 81b assumes that there is a threat relating to the peripheral device 72 operation, and next performs the “Corrective Actions” step 158 that further handles and mitigates the threat and its consequences. In a case where the environment was found to be “Legitimate”, the message received from the host emulator module 81a is transparently passed to the peripheral emulator module 81c, for transferring it to the host device 71 over the USB connection 87b, as part of a “Pass Message” step 156, after which the device returns to the “Idle” step 151.
(119) A state diagram 170 shown in
(120) Various actions may be performed as part of the “Corrective Actions” step 158 (which may correspond to the “Suspected” state 173), as described in the flow chart 150 in
(121) In the ‘suspected’ state 173, in contrast to the actions taken as part of the “Pass Message” step 156, messages received from the peripheral device 72, or messages directed to the peripheral device 72, are blocked as part of the “Block Message” step 158b. Further, the logical USB connection 87a may be inhibited, preventing any traffic to or from the peripheral device, either by the monitor module 81b, or by forcing the host emulator module 81a into ‘suspend’ mode. Alternatively or in addition, the power supplied to the peripheral device 72 over the USB connection 87a may be disconnected, such as by controlling the USB source 26c to disconnect the USB power from the USB connection 87a.
(122) As part of the “Notify user” step 158c, the user is locally notified of entering the “Suspected” state 173 by using visual, audible, or any other notification means. The user notification may use the annunciator that may be part of the User Control 88. Alternatively or in addition, the notification or alert may be sent to a remote user. The notification to the user device may be text based, such as an electronic mail (e-mail), website content, fax, or a Short Message Service (SMS). Alternatively or in addition, the notification or alert to the user device may be voice-based, such as a voicemail or a voice message to a telephone device. Alternatively or in addition, the notification or the alert to the user device may activate a vibrator, causing vibrations that are felt by a human body touching it, or may be based on a Multimedia Message Service (MMS) or Instant Messaging (IM). The messaging, alerting, and notifications may be based on, include part of, or may be according to U.S. Patent Application No. 2009/0024759 to McKibben et al. entitled: “System and Method for Providing Alerting Services”, U.S. Pat. No. 7,653,573 to Hayes, Jr. et al. entitled: “Customer Messaging Service”, U.S. Pat. No. 6,694,316 to Langseth et al. entitled: “System and Method for a Subject-Based Channel Distribution of Automatic, Real-Time Delivery of Personalized Informational and Transactional Data”, U.S. Pat. No. 7,334,001 to Eichstaedt et al. entitled: “Method and System for Data Collection for Alert Delivery”, U.S. Pat. No. 7,136,482 to Wille entitled: “Progressive Alert Indications in a Communication Device”, U.S. Patent Application No. 2007/0214095 to Adams et al. entitled: “Monitoring and Notification System and Method”, U.S. Patent Application No. 2008/0258913 to Busey entitled: “Electronic Personal Alert System”, or U.S. Pat. No. 7,557,689 to Seddigh et al. entitled: “Customer Messaging Service”, which are all incorporated in their entirety for all purposes as if fully set forth herein.
(123) While exemplified with regard to an input peripheral device, the system and methods herein equally apply to any type of peripheral, including an output peripheral device.
(124) In one example, the isolator device 80 may be used for enabling communication between the peripheral device 72 and a remote server device, while using the host device 71 as a communication channel. Such an arrangement 180 is shown in
(125) Since the communication with the server device 23 is over a public or non-trusted network, such as the Internet 22, a secured communication should be used. Preferably, an encrypted tunneling connection is used, such as where the isolator device 80 and the server device 23 negotiate encryption keys, essentially creating an encrypted “tunnel” connection through the un-trusted network, and then communicate encrypted information over the un-trusted network, where the encrypted information is decrypted at the endpoints. Any secured tunneling protocol or technology may be used.
(126) In one example, shown as an arrangement 180b in
(127) Two-factor authentication for VPNs may be used for the VPN connection 182, which may involve providing authentication data from a hardware token to VPN software on a separate machine. One example of a hardware token used for two-factor authentication is the RSA SecurID card. Typically, the hardware token (the card) generates authentication material at the outset of the VPN session when the user enters a Personal Identification Number (PIN) into the token. The user then copies the authentication material displayed by the token into the VPN software. This two-factor process protects the private network if the device running the VPN software is misplaced or stolen. However, this process is inconvenient for the user and can only be used at the outset of a VPN session; the process cannot be used to protect the secret data of an always-on VPN.
(128) The isolator device 80h, serving as the VPN client, initiates the VPN connection 182 with the VPN server 23 over a public network. For example, the VPN server device 23 may receive a request to create the VPN connection 182 from the VPN client 80h. In response, the VPN server 23 authenticates the VPN client 80h, negotiates encryption keys with the VPN client device 80h, and establishes the VPN connection 182 between the two devices. Negotiating encryption keys may involve performing Internet Key Exchange (IKE or IKEv2) as part of establishing a session under Internet Protocol Security (IPsec), as described in IETF RFC 2409 and RFC 4306. Alternatively, negotiating encryption keys may involve performing RSA key exchange or Diffie-Hellman key exchange (RFC 2631) as part of establishing a session under the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. The encryption keys are used by the VPN client 80h and the VPN server 23 to encrypt and decrypt data communicated between the two devices over any public or untrusted network.
(129) In one example, the key data used by the VPN client 80h is based on a content of a non-volatile memory device, such as a CompactFlash (CF), MiniSD card, MicroSD Card, or xD-Picture Card. The key data, which may serve as the resumption credentials, comprises information required to resume the VPN connection later without requiring the VPN client device 80h to re-authenticate with the VPN server device 23. According to one embodiment, the key data include authentication information. For example, the authentication information may include a username, password, security question answers and/or a digital certificate. In addition or alternatively, the authentication information may include one or more long-term VPN authentication keys. For example, long-term authentication keys include private keys, such as an RSA signing key, or shared secret keys, such as an IKE pre-shared key, that are used at the outset of a VPN session to authenticate a VPN endpoint. The VPN session may be an IKE session, or an SSL, TLS, or DTLS session. The key data may also include one or more session keys that are used to encrypt and/or decrypt messages sent and received over the VPN connection. An ongoing VPN session typically has secret keys that are session specific. For IPSec, session keys include ESP and IKE phase two keys. For SSL, TLS, or DTLS, session keys are the keys generated from the pre-master secret.
(130) In operation, the VPN server 23 accepts VPN connections from the VPN client 80h, and is communicatively coupled to a plurality of network resources. Once a secure communication channel 182 has been established between the VPN client 80h and the VPN server 23 over the Internet 22, the VPN client 80h may securely access data residing on the VPN server 23 or any related resources, and the VPN server device 23 may securely access data residing in the peripheral device 72.
(131) In one example, the peripheral device 72 is a non-volatile memory device, such as a USB Flash drive or a Hard Disk Drive (HDD), or any other device classified in the USB Mass Storage Device class (USB MSC or UMS). Any memory type may equally be applied; the memory may be random-access or sequential-access, may be location-based, randomly accessed, and may be written multiple times. The memory may be volatile and based on a semiconductor storage medium, such as RAM, SRAM, DRAM, TTRAM and Z-RAM, or may be non-volatile and based on a semiconductor storage medium, such as ROM, PROM, EPROM or EEPROM, or may be Flash-based, such as an SSD drive or a USB ‘Thumb’ drive. The memory may be based on a non-volatile magnetic storage medium, or on an optical storage medium that is recordable and removable, and may include an optical disk drive, such as CD-RW, DVD-RW, DVD+RW, DVD-RAM, BD-RE, CD-ROM, BD-ROM or DVD-ROM.
(132) In such a case, the arrangement 180b may be used for checking the data stored in the memory device, such as for verifying the data integrity, or for checking for infection or presence of a malware, using the services provided by the VPN server 23. In operation, the data stored in the memory device is read by the isolator device 80h, and sent over the VPN tunnel 182 to the VPN server 23 to be checked therein. In one example, all the data (such as all the files) stored in the memory device are read by the isolator device 80h and sent over the VPN connection 182 to be checked by the VPN server 23. Alternatively or in addition, part of the stored data (such as selected files) may only be read and sent for verification. The data or files may be selected by a user, and may use various user interface peripherals, as shown in an arrangement 180c in
(133) While exemplified above with regard to a USB bus, the devices and methods herein may equally apply to any wired connection between a host device and a peripheral device. For example, the peripheral may be the HDD 41 connected via a SATA bus over SATA-defined cables as shown in arrangements 40 and 40a respectively shown in
(134) While exemplified above with regard to a host device 71 connected via the isolator device 80 to a single peripheral device 72, any number of peripheral devices may equally be used, such as 2, 3, 4, 5, 6, 7, 8, 9, or 10 peripheral devices. In such a case, USB hub software is included in the isolator device 80, such as stored in the memory 84b, or as part of the isolation application 86b. An example of an isolator device 201 connected to two peripheral devices 72 and 72a, over two respective USB connections 87a and 87aa, is shown in an arrangement 200 in
(135) While exemplified above with regard to a USB bus connecting the host computer device 71 and the peripheral device 72, any industry-standard or proprietary bus type may equally be used. A communication link (such as Ethernet, or any other LAN, PAN or WAN communication link) may also be regarded as a bus herein. A bus may be an internal bus (a.k.a. local bus), primarily designed to connect a processor or CPU to peripherals inside a computer system enclosure, such as connecting components over the motherboard or backplane. Alternatively, a bus may be an external bus, primarily intended for connecting the processor or the motherboard to devices and peripherals external to the computer system enclosure. Some buses may be used both as internal and as external buses. A bus may be of parallel type, where each word (address or data) is carried in parallel over multiple electrical conductors or wires; or alternatively, may be bit-serial, where bits are carried sequentially, such as one bit at a time. A bus may support multiple serial links or lanes, aggregated or bonded for higher bit-rate transport. Non-limiting examples of internal parallel buses include ISA (Industry Standard Architecture); EISA (Extended ISA); NuBus (IEEE 1196); PATA (Parallel ATA, Advanced Technology Attachment) variants such as IDE, EIDE and ATAPI; SBus (IEEE 1496); VESA Local Bus (VLB); PCI; and PC/104 variants (PC/104, PC/104 Plus, PC/104 Express).
(136) Non-limiting examples of internal serial buses include PCIe (PCI Express), Serial ATA (SATA), SMBus, and the Serial Peripheral Interface (SPI) bus. Non-limiting examples of external parallel buses include HIPPI (HIgh Performance Parallel Interface), IEEE-1284 (‘Centronics’), IEEE-488 (a.k.a. GPIB, General Purpose Interface Bus) and PC Card/PCMCIA. Non-limiting examples of external serial buses include USB (Universal Serial Bus), eSATA and IEEE 1394 (a.k.a. FireWire). Non-limiting examples of buses that can be internal or external are Futurebus, InfiniBand, SCSI (Small Computer System Interface), and SAS (Serial Attached SCSI). The bus medium may be based on electrical conductors, commonly a copper-wire cable (which may be arranged as twisted pairs), or a fiber-optic cable. The bus topology may be point-to-point, multi-drop (electrically parallel) or daisy-chain, and may further be based on hubs or switches. A point-to-point bus may be full-duplex, providing simultaneous (and sometimes independent) two-way transmission in both directions, or alternatively a bus may be half-duplex, where transmission can be in either direction, but only in one direction at a time.
(137) Buses are further commonly characterized by their throughput (data bit-rate), signaling rate, medium length, connectors and media types, latency, scalability, quality-of-service, devices per connection or channel, and supported bus width. Configuration of a bus for a specific environment may be automatic (hardware or software based, or both), or may involve user or installer activities such as software settings or jumpers. Some recent buses are self-repairing, where a spare connection (net) is provided and used in the event of a malfunction in a connection. Some buses support hot-plugging (sometimes known as hot swapping), where a connection or a replacement can be made without significant interruption to the system or without the need to shut off any power.
(138) Any other auxiliary devices or any computer peripherals may equally be used as the peripheral device 72, or any other device that is connectable to a host computer, but not part of it. Further, communication between two host computers may be equally applied. The peripheral may be input device that is used to interact with, or send data to the host computer, such as a pointing device (e.g., computer mouse), a keyboard, a graphic tablet, a touchscreen, a barcode reader, an image scanner, a microphone, or a digital camera (e.g., webcam). Alternatively or in addition, the peripheral may be an output device, which provides output from the host computer to a user or to another device, such as a display device, an image projector, a graphical output device, a loudspeaker, or a printer. The peripheral may be used to connect the host computer to an external network, such as a modem or a Network Interface Card (NIC). Further, the peripheral may be in part or fully integrated with the host computer. While exampled above regarding a general computer system, any device embedding firmware or software may equally be used, and in particular any communication-related devices such as a router or firewall.
(139) The bus between the host device 71 and the peripheral device 72 may be based on LAN communication, such as Ethernet, and may be partly or fully in accordance with the IEEE 802.3 standard. For example, Gigabit Ethernet (GbE or 1 GigE) may be used, describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008 standard. There are five physical layer standards for gigabit Ethernet using optical fiber (1000BASE-X), twisted pair cable (1000BASE-T), or balanced copper cable (1000BASE-CX). The IEEE 802.3z standard includes 1000BASE-SX for transmission over multi-mode fiber, 1000BASE-LX for transmission over single-mode fiber, and the nearly obsolete 1000BASE-CX for transmission over balanced copper cabling. These standards use 8b/10b encoding, which inflates the line rate by 25%, from 1000 Mbit/s to 1250 Mbit/s, to ensure a DC-balanced signal. The symbols are then sent using NRZ. IEEE 802.3ab, which defines the widely used 1000BASE-T interface type, uses a different encoding scheme in order to keep the symbol rate as low as possible, allowing transmission over twisted pair. Similarly, 10 Gigabit Ethernet (10 GE, 10 GbE or 10 GigE) may be used, which is a version of Ethernet with a nominal data rate of 10 Gbit/s (billion bits per second), ten times faster than gigabit Ethernet. The 10 Gigabit Ethernet standard only defines full-duplex point-to-point links that are generally connected by network switches. The 10 Gigabit Ethernet standard encompasses a number of different physical layer (PHY) standards. A networking device may support different PHY types through pluggable PHY modules, such as those based on SFP+.
(140) The method and steps described herein may be used for detecting malware such as a firmware virus, a computer virus, spyware, DoS (Denial of Service), rootkit, ransomware, adware, backdoor, Trojan horse, or a destructive malware. Further, by stopping a malware related message from passing through the system (such as to, or from, a peripheral), a damage that may be caused by the malware is avoided.
(141) In the case where dedicated PCB is used, the electrical connection may use an edge connector, relating to the portion of a printed circuit board (PCB) consisting of traces leading to the edge of the board that are intended to plug into a matching socket. Such connectors are used in computers for expansion slots for peripheral cards, such as PCI, PCI Express, and AGP cards. Edge connector sockets consist of a plastic “box” open on one side, with pins on one or both side(s) of the longer edges, sprung to push into the middle of the open center. Connectors are often keyed to ensure the correct polarity, and may contain bumps or notches both for polarity, and to ensure that the wrong type of device is not inserted. The socket width is chosen to fit to the thickness of the connecting PCB.
(142) Any part of, or the whole of, any of the methods described herein may be provided as part of, or used as, an Application Programming Interface (API), defined as an intermediary software serving as the interface allowing the interaction and data sharing between an application software and the application platform, across which few or all services are provided, and commonly used to expose or use a specific software functionality, while protecting the rest of the application. The API may be based on, or according to, Portable Operating System Interface (POSIX) standard, defining the API along with command line shells and utility interfaces for software compatibility with variants of Unix and other operating systems, such as POSIX.1-2008 that is simultaneously IEEE STD. 1003.1™-2008 entitled: “Standard for Information Technology—Portable Operating System Interface (POSIX(R)) Description”, and The Open Group Technical Standard Base Specifications, Issue 7, IEEE STD. 1003.1™, 2013 Edition.
(143) Examples of web browsers include Microsoft Internet Explorer (available from Microsoft Corporation, headquartered in Redmond, Wash., U.S.A.), Google Chrome which is a freeware web browser (developed by Google, headquartered in Googleplex, Mountain View, Calif., U.S.A.), Opera™ (developed by Opera Software ASA, headquartered in Oslo, Norway), and Mozilla Firefox® (developed by Mozilla Corporation headquartered in Mountain View, Calif., U.S.A.). The web-browser may be a mobile browser, such as Safari (developed by Apple Inc. headquartered in Apple Campus, Cupertino, Calif., U.S.A), Opera Mini™ (developed by Opera Software ASA, headquartered in Oslo, Norway), and Android web browser.
(144) Any part of, or whole of, any of the methods described herein may be implemented by a processor such as processor 12, and may further be used in conjunction with various devices and systems, for example a device may be a Personal Computer (PC), a desktop computer, a mobile computer, a laptop computer, a notebook computer, a tablet computer, a server computer, a handheld computer, a handheld device, a Personal Digital Assistant (PDA) device, a cellular handset, a handheld PDA device, an on-board device, an off-board device, a hybrid device, a vehicular device, a non-vehicular device, a mobile or portable device, or a non-mobile or non-portable device.
(145) The isolator device 80 herein may serve as a client device in the meaning of client/server architecture, commonly initiating requests for receiving services, functionalities, and resources from other devices (servers or clients). Each of these devices may further employ, store, integrate, or operate a client-oriented (or end-point dedicated) operating system, such as Microsoft Windows® (including the variants: Windows 7, Windows XP, Windows 8, and Windows 8.1, available from Microsoft Corporation, headquartered in Redmond, Wash., U.S.A.), Linux, and Google Chrome OS available from Google Inc. headquartered in Mountain View, Calif., U.S.A. Further, each of these devices may further employ, store, integrate, or operate a mobile operating system such as Android (available from Google Inc. and includes variants such as version 2.2 (Froyo), version 2.3 (Gingerbread), version 4.0 (Ice Cream Sandwich), Version 4.2 (Jelly Bean), and version 4.4 (KitKat)), iOS (available from Apple Inc., and includes variants such as versions 3-7), Windows® Phone (available from Microsoft Corporation and includes variants such as version 7, version 8, or version 9), or Blackberry® operating system (available from BlackBerry Ltd., headquartered in Waterloo, Ontario, Canada). Alternatively or in addition, each of the devices that are not denoted herein as servers may equally function as a server in the meaning of client/server architecture. Any one of the servers herein may be a web server using HyperText Transfer Protocol (HTTP) that responds to HTTP requests via the Internet, and any request herein may be an HTTP request.
(147) Any device herein, such as the isolator device 80, may be integrated with a part of or in an entire appliance. The primary function of the appliance may be associated with food storage, handling, or preparation, such as microwave oven, an electric mixer, a stove, an oven, or an induction cooker for heating food, or the appliance may be a refrigerator, a freezer, a food processor, a dishwasher, a food blender, a beverage maker, a coffee-maker, or an iced-tea maker. Alternatively or in addition, the primary function of the appliance may be associated with an environmental control such as temperature control, and the appliance may consist of, or may be part of, an HVAC system, an air conditioner or a heater. Alternatively or in addition, the primary function of the appliance may be associated with a cleaning action, such as a washing machine, a clothes dryer for cleaning clothes, or a vacuum cleaner. Alternatively or in addition, the primary function of the appliance may be associated with water control or water heating. The appliance may be an answering machine, a telephone set, a home cinema system, a HiFi system, a CD or DVD player, an electric furnace, a trash compactor, a smoke detector, a light fixture, or a dehumidifier. The appliance may be a handheld computing device or a battery-operated portable electronic device, such as a notebook or laptop computer, a media player, a cellular phone, a Personal Digital Assistant (PDA), an image processing device, a digital camera, or a video recorder. The integration with the appliance may involve sharing a component such as housing in the same enclosure, sharing the same connector such as sharing a power connector for connecting to a power source, where the integration involves sharing the same connector for being powered from the same power source. The integration with the appliance may involve sharing the same power supply, sharing the same processor, or mounting onto the same surface.
(148) The steps described herein may be sequential, and performed in the described order. For example, in a case where a step is performed in response to another step, or upon completion of another step, the steps are executed one after the other. However, in the case where two or more steps are not explicitly described as being sequentially executed, these steps may be executed in any order or may be simultaneously performed. Two or more steps may be executed by two different network elements, or in the same network element, and may be executed in parallel using multiprocessing or multitasking.
(149) A tangible machine-readable medium (such as a storage) may have stored thereon a set of instructions detailing part (or all) of the methods and steps described herein, so that when executed by one or more processors, the instructions cause the one or more processors to perform part of, or all of, the methods and steps described herein. Any of the network elements may be a computing device that comprises a processor and a computer-readable memory (or any other tangible machine-readable medium), and the computer-readable memory may comprise computer-readable instructions such that, when read by the processor, the instructions cause the processor to perform one or more of the methods or steps described herein. Any of the disclosed flow charts or methods, or any step thereof, may be implemented in the form of software stored on a memory or a computer-readable non-transitory information storage medium such as an optical or magnetic disk, a non-volatile memory (e.g., Flash or ROM), RAM, or other forms of volatile memory. The information storage medium may be an internal part of the computer, a removable external element coupled to the computer, or a unit that is remotely accessible via a wired or wireless network.
(150) Discussions herein utilizing terms such as, for example, “processing,” “computing,” “calculating,” “determining,” “establishing”, “analyzing”, “checking”, or the like, may refer to operation(s) and/or process(es) of a computer, a computing platform, a computing system, or other electronic computing device, that manipulate and/or transform data represented as physical (e.g., electronic) quantities within the computer's registers and/or memories into other data similarly represented as physical quantities within the computer's registers and/or memories or other information storage medium that may store instructions to perform operations and/or processes.
(151) Throughout the description and claims of this specification, the word “couple”, and variations of that word such as “coupling”, “coupled”, and “couplable”, refer to an electrical connection (such as a copper wire or soldered connection), a logical connection (such as through logical devices of a semiconductor device), a virtual connection (such as through randomly assigned memory locations of a memory device) or any other suitable direct or indirect connections (including combination or series of connections), for example for allowing the transfer of power, signal, or data, as well as connections formed through intervening devices or elements.
(152) The arrangements and methods described herein may be implemented using hardware, software or a combination of both. The term “integration” or “software integration” or any other reference to the integration of two programs or processes herein refers to software components (e.g., programs, modules, functions, processes etc.) that are (directly or via another component) combined, working or functioning together or form a whole, commonly for sharing a common purpose or set of objectives. Such software integration can take the form of sharing the same program code, exchanging data, being managed by the same manager program, executed by the same processor, stored on the same medium, sharing the same GUI or other user interface, sharing peripheral hardware (such as a monitor, printer, keyboard and memory), sharing data or a database, or being part of a single package. The term “integration” or “hardware integration” or integration of hardware components herein refers to hardware components that are (directly or via another component) combined, working or functioning together or form a whole, commonly for sharing a common purpose or set of objectives. Such hardware integration can take the form of sharing the same power source (or power supply) or sharing other resources, exchanging data or control (e.g., by communicating), being managed by the same manager, physically connected or attached, sharing peripheral hardware connection (such as a monitor, printer, keyboard and memory), being part of a single package or mounted in a single enclosure (or any other physical collocating), sharing a communication port, or used or controlled by the same software or hardware. The term “integration” herein refers (as applicable) to a software integration, hardware integration, or any combination thereof.
(153) Any networking protocol may be utilized for exchanging information between the network elements (e.g., clients and servers) within the network (such as the Internet 22). For example, it is contemplated that communications can be performed using TCP/IP. Generally, HTTP and HTTPS are utilized on top of TCP/IP as the message transport envelope. These two protocols can deal with firewall technology better than other message management techniques. However, partners may choose to use a message-queuing system instead of HTTP and HTTPS if greater communications reliability is needed. Non-limiting examples of message queuing systems are IBM's MQ-Series and the Microsoft Message Queue (MSMQ). The system described herein is suited for HTTP/HTTPS, message-queuing systems, and other communications transport protocol technologies. Furthermore, depending on the differing business and technical requirements of the various partners within the network, the physical network may embrace and utilize multiple communication protocol technologies.
(154) A tangible machine-readable medium (such as a storage) may have stored thereon a set of instructions detailing part (or all) of the methods and steps described herein, so that when executed by one or more processors, the instructions cause the one or more processors to perform part of, or all of, the methods and steps described herein. Any of the network elements may be a computing device that comprises a processor and a computer-readable memory (or any other tangible machine-readable medium), and the computer-readable memory may comprise computer-readable instructions such that, when read by the processor, the instructions cause the processor to perform one or more of the methods or steps described herein.
(155) Any device or network element herein may comprise, consist of, or include a Personal Computer (PC), a desktop computer, a mobile computer, a laptop computer, a notebook computer, a tablet computer, a server computer, a handheld computer, a handheld device, a Personal Digital Assistant (PDA) device, a cellular handset, a handheld PDA device, an on-board device, an off-board device, a hybrid device, a vehicular device, a non-vehicular device, a mobile or portable device, or a non-mobile or non-portable device. Further, any device or network element herein may comprise, consist of, or include a major appliance (white goods), and may be an air conditioner, dishwasher, clothes dryer, drying cabinet, freezer, refrigerator, kitchen stove, water heater, washing machine, trash compactor, microwave oven, or induction cooker. The appliance may similarly be a ‘small’ appliance such as a TV set, CD or DVD player, camcorder, still camera, clock, alarm clock, video game console, HiFi or home cinema, telephone, or answering machine.
(156) The term ‘host’ or ‘network host’ is used herein to include, but is not limited to, a computer or other device connected to a computer network, such as the Internet. A network host may offer information resources, services, and applications to users or other nodes on the network, and is typically assigned a network layer host address. Computers participating in networks that use the Internet Protocol Suite may also be called IP hosts, and computers participating in the Internet are called Internet hosts, or Internet nodes. Internet hosts and other IP hosts have one or more IP addresses assigned to their network interfaces. The addresses are configured either manually by an administrator, automatically at start-up by means of the Dynamic Host Configuration Protocol (DHCP), or by stateless address autoconfiguration methods. Network hosts that participate in applications that use the client-server model of computing are classified as server or client systems. Network hosts may also function as nodes in peer-to-peer applications, in which all nodes share and consume resources in an equipotent manner.
(157) The term “port” refers to a place of access to a device, electrical circuit or network, where energy or signal may be supplied or withdrawn. The term “interface” of a networked device refers to a physical interface, a logical interface (e.g., a portion of a physical interface or sometimes referred to in the industry as a sub-interface—for example, such as, but not limited to a particular VLAN associated with a network interface), and/or a virtual interface (e.g., traffic grouped together based on some characteristic—for example, but not limited to, a tunnel interface). As used herein, the term “independent” relating to two (or more) elements, processes, or functionalities, refers to a scenario where one does not affect nor preclude the other. For example, independent communication such as over a pair of independent data routes means that communication over one data route does not affect nor preclude the communication over the other data routes.
(158) As used herein, the term “Integrated Circuit” (IC) shall include any type of integrated device of any function where the electronic circuit is manufactured by the patterned diffusion of trace elements into the surface of a thin substrate of semiconductor material (e.g., Silicon), whether single or multiple die, or small or large scale of integration, and irrespective of process or base materials (including, without limitation, Si, SiGe, CMOS and GaAs), including without limitation application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), digital processors (e.g., DSPs, CISC microprocessors, or RISC processors), so-called “system-on-a-chip” (SoC) devices, memory (e.g., DRAM, SRAM, flash memory, ROM), mixed-signal devices, and analog ICs. The circuits in an IC are typically contained in a silicon piece or in a semiconductor wafer, and commonly packaged as a unit. The solid-state circuits commonly include interconnected active and passive devices, diffused into a single silicon chip. Integrated circuits can be classified into analog, digital and mixed signal (both analog and digital on the same chip). Digital integrated circuits commonly contain many logic gates, flip-flops, multiplexers, and other circuits in a few square millimeters. The small size of these circuits allows high speed, low power dissipation, and reduced manufacturing cost compared with board-level integration. Further, a multi-chip module (MCM) may be used, where multiple integrated circuits (ICs), semiconductor dies, or other discrete components are packaged onto a unifying substrate, facilitating their use as a single component (as though a larger IC).
(159) The term “computer” is used generically herein to describe any number of computers, including, but not limited to, personal computers, embedded processing elements and systems, control logic, ASICs, chips, workstations, mainframes, etc. Any computer herein may consist of, or be part of, a handheld computer, including any portable computer which is small enough to be held and operated in one hand, or to fit into a pocket. Such a device, also referred to as a mobile device, typically has a display screen with a touch input and/or a miniature keyboard. Non-limiting examples of such devices include a Digital Still Camera (DSC), a Digital Video Camera (DVC or digital camcorder), a Personal Digital Assistant (PDA), and mobile phones and Smartphones.
(160) The mobile devices may combine video, audio and advanced communications capabilities, such as PAN and WLAN. A mobile phone (also known as a cellular phone, cell phone and a hand phone) is a device which can make and receive telephone calls over a radio link whilst moving around a wide geographic area, by connecting to a cellular network provided by a mobile network operator. The calls are to and from the public telephone network, which includes other mobiles and fixed-line phones across the world. The Smartphones may combine the functions of a personal digital assistant (PDA), and may serve as portable media players and camera phones with high-resolution touch-screens, web browsers that can access, and properly display, standard web pages rather than just mobile-optimized sites, GPS navigation, Wi-Fi and mobile broadband access. In addition to telephony, the Smartphones may support a wide variety of other services such as text messaging, MMS, email, Internet access, short-range wireless communications (infrared, Bluetooth), business applications, gaming and photography.
(161) As used herein, the terms “program”, “programmable”, and “computer program” are meant to include any sequence of human or machine cognizable steps which perform a function. Such programs are not inherently related to any particular computer or other apparatus, and may be rendered in virtually any programming language or environment including, for example, C/C++, Fortran, COBOL, PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML, VoXML), and the like, as well as object-oriented environments such as the Common Object Request Broker Architecture (CORBA), Java™ (including J2ME, Java Beans, etc.) and the like, as well as in firmware or other implementations. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
(162) The terms “task” and “process” are used generically herein to describe any type of running program, including, but not limited to, a computer process, task, thread, executing application, operating system, user process, device driver, native code, machine or other language, etc., and can be interactive and/or non-interactive, executing locally and/or remotely, executing in foreground and/or background, executing in the user and/or operating system address spaces, a routine of a library and/or a standalone application, and is not limited to any particular memory partitioning technique. The steps, connections, and processing of signals and information illustrated in the figures, including, but not limited to, any block and flow diagrams and message sequence charts, may typically be performed in the same or in a different serial or parallel ordering and/or by different components and/or processes, threads, etc., and/or over different connections, and be combined with other functions in other embodiments, unless this disables the embodiment or a sequence is explicitly or implicitly required (e.g., for a sequence of reading a value and then processing the value, the value must be obtained prior to processing it, although some of the associated processing may be performed prior to, concurrently with, and/or after the read operation). Where certain process steps are described in a particular order or where alphabetic and/or alphanumeric labels are used to identify certain steps, the embodiments of the invention are not limited to any particular order of carrying out such steps. In particular, the labels are used merely for convenient identification of steps, and are not intended to imply, specify or require a particular order for carrying out such steps. Furthermore, other embodiments may use more or fewer steps than those discussed herein. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
(163) As used herein, the terms “network”, “communication link” and “communications mechanism” are used generically to describe one or more networks, communications media or communications systems, including, but not limited to, the Internet, private or public telephone, cellular, wireless, satellite, cable, and data networks. Data networks include, but are not limited to, Metropolitan Area Networks (MANs), Wide Area Networks (WANs), Local Area Networks (LANs), Personal Area Networks (PANs), WLANs (Wireless LANs), the Internet, internets, NGN, intranets, Hybrid Fiber Coax (HFC) networks, satellite networks, and Telco networks. Communication media include, but are not limited to, a cable, an electrical connection, a bus, and internal communications mechanisms such as message passing, interprocess communications, and shared memory. Such networks or portions thereof may utilize any one or more different topologies (e.g., ring, bus, star, loop, etc.), transmission media (e.g., wired/RF cable, RF wireless, millimeter wave, optical, etc.) and/or communications or networking protocols (e.g., SONET, DOCSIS, IEEE Std. 802.3, ATM, X.25, Frame Relay, 3GPP, 3GPP2, WAP, SIP, UDP, FTP, RTP/RTCP, H.323, etc.). While exemplified herein with regard to secured communication between a pair of network endpoint devices (host-to-host), the described method can equally be used to protect the data flow between a pair of gateways or any other networking-associated devices (network-to-network), or between a network device (e.g., a security gateway) and a host (network-to-host).
(164) The corresponding structures, materials, acts, and equivalents of all means plus function elements in the claims below are intended to include any structure, or material, for performing the function in combination with other claimed elements as specifically claimed. The description of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive, or limited to the invention in the form disclosed. The present invention should not be considered limited to the particular embodiments described above, but rather should be understood to cover all aspects of the invention as fairly set out in the attached claims. Various modifications, equivalent processes, as well as numerous structures to which the present invention may be applicable, will be readily apparent to those skilled in the art to which the present invention is directed upon review of the present disclosure.
(165) All publications, standards, patents, and patent applications cited in this specification are incorporated herein by reference as if each individual publication, patent, or patent application were specifically and individually indicated to be incorporated by reference and set forth in its entirety herein.