WO1997037305A1 - Computer system security - Google Patents

Info

Publication number
WO1997037305A1
WO1997037305A1 PCT/US1997/004905 US9704905W WO9737305A1 WO 1997037305 A1 WO1997037305 A1 WO 1997037305A1 US 9704905 W US9704905 W US 9704905W WO 9737305 A1 WO9737305 A1 WO 9737305A1
Authority
WO
WIPO (PCT)
Prior art keywords
peripheral
bus
physical layer
identity
secondary bus
Prior art date
Application number
PCT/US1997/004905
Other languages
English (en)
Inventor
C. Brendan S. Traw
Eric C. Hannah
Jerrold V. Hauck
Richard L. Coulson
Brad W. Hosler
Original Assignee
Intel Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Intel Corporation
Publication of WO1997037305A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00 Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/002 Bus
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user

Definitions

  • This invention relates to the field of computer system security for preventing unwanted intrusion into a computer system.
  • Security from an unwanted intrusion into a computer system is provided by coupling a host component with a peripheral component using a high-speed serial bus having a high-speed physical layer and using features of the bus to implement the security.
  • Fig. 1 is a block diagram of a system of the invention using a high-speed serial bus for providing security.
  • Fig. 2 is a schematic of a high-speed serial bus cable.
  • Fig. 3 is a schematic view of the wiring of the cable shown in Fig. 2.
  • Fig. 4 is a flow chart of the operation of an embodiment of the invention.
  • Fig. 5 is a flow chart of the operation of another embodiment of the invention.
  • Fig. 6 is a flow chart of yet another embodiment of the invention.
  • Host computer 10 includes host controller 11, which provides an interface to bus hub 13.1.
  • Host controller 11 governs data movement between host 10 and peripherals 16-18 and provides an interface to the memory system of host 10, such as DMA engine 44, memory controller 48 and memory 42.
  • Host controller 11 is coupled to DMA engine 44, which is coupled to memory controller 48.
  • host controller 11, DMA engine 44 and memory controller 48 are part of a single integrated circuit.
  • the high-speed physical layer or links of bus system 12, to be described below, can communicate with DMA engine 44 to directly access memory 42, for example through memory controller 48.
  • the direct memory accessing capability of bus system 12 contributes to the very low latency of the bus system. Peripherals on bus system 12, such as peripherals 16-18 are permitted real-time, direct access to host memory 42 using DMA engine 44.
  • Bus system 12 includes hub 13.1 located within the confines of host computer 10.
  • One or more mass storage devices such as disk drive 15 is coupled to hub 13.1.
  • Bus cable 14.1 couples internal hub 13.1 to external hub 13.2 onto which a plurality of peripherals can be coupled.
  • Various peripherals 16-18 can be coupled to hub 13.2 by bus cables 14.2, 14.3 and 14.4.
  • the high-speed bus and bus system 12 means any of cables 14.1-14.4 and hubs 13.1 and 13.2.
  • Peripherals which can be coupled to hubs 13.1 or 13.2 include, for example, printers, scanners, cameras, disk drives, network interfaces, etc.
  • coupled peripherals can be a substantial distance from host 10, especially when using multiple linked hubs 13.x.
  • bus cables 14.1 - 14.4 and hubs 13.1 and 13.2 use DMA engine 44 to allow peripherals 16-18 to directly access host computer memory 42.
  • While this latter feature of the bus helps provide it with the qualities of low latency and high bandwidth, it also makes host memory susceptible to unauthorized access by rogue devices coupled to any of buses 14.1 - 14.4 or hubs 13.1 and 13.2.
  • the invention protects the security of host computer 10 to help prevent a hacker from directly accessing main memory 42 using DMA engine 44, through memory controller 48.
  • Fig. 2 shows, for example, bus cable 14.2 linking peripheral 16 to external hub 13.2, but it should be understood that Fig. 2 also can represent any of bus cables 14.1-14.4 and hubs 13.1 and 13.2.
  • Bus cable 14.2 has a pair of opposing, unidirectional, high speed, shielded, twisted pairs defining high-speed physical layers or links 21 and 22, linking transceiver pairs 23 and 24.
  • Transceivers 23 and 24 are AC coupled via shielded links 21 and 22 with 100 ohm differential impedance.
  • Transceiver 23 has driver 25 and receiver 26.
  • Transceiver 24 has driver 27 and receiver 28.
  • Bus cable 14.2 also includes a secondary bus component 34, such as a Universal Serial Bus (USB), having link 28 which comprises a bidirectional pair coupling transceiver 29 with transceiver 30.
  • USB is well known to those having skill in the art and a technical specification on the bus can be found on the World Wide Web at Uniform Resource Locator (URL) address http://www.teleport.com/~usb/.
  • the invention makes substantial use of the secondary bus component in all of bus cables 14.1 - 14.4 and hubs 13.1 and 13.2 as service layers for implementing many security features of the invention, as will be more fully described below.
  • the secondary link such as a USB link
  • the secondary link is available for implementing the security features because unlike the high-speed links of bus cables 14.1-14.4 and hubs 13.1 and 13.2, the secondary links do not have DMA engine access. No danger exists that a rogue device can access memory through the secondary links. Access to memory through the secondary links is controlled entirely, for example, by computer 10, for example by operating system 41 and processor 46, and thus the secondary links are inherently trusted by computer 10. No device can access host memory 42 through the secondary links without processor 46 and operating system 41 knowing about it. A peripheral using an active high-speed link of the bus system of the invention may directly access host memory 42, however, using DMA engine 44, without knowledge by processor 46 or operating system 41. It should be understood by a person of ordinary skill that operation of processor 46 and operating system 41 are mutually dependent and reference to one necessarily incorporates reference to the other.
  • secondary leads 49 provide a secondary bus path to secondary bus controller 50.
  • secondary bus controller 50 is a USB bus controller known to those having skill in the art.
  • Secondary bus controller 50 is coupled to memory controller 48 through an input/output (I/O) bus 52, such as a peripheral control interface (PCI) bus inside computer 10.
  • I/O input/output
  • PCI peripheral control interface
  • Fig. 3 is a more detailed view of high-speed links 21 and 22 and secondary link 28 of bus cable 14.2.
  • High-speed links 21 and 22 are twisted pairs having internal shielding 31.
  • Links 21 and 22 are unidirectional, but combine to provide full-duplex communications.
  • Secondary link 28 is a bi-directional, twisted pair path. All of links 21, 22, and 28 are shielded by shield 39. Voltage supply 32 and ground wires 33 also are associated with the secondary component 34 of bus cable 14.2. The invention uses the secondary links in one or more of the high-speed bus cables
  • one method of providing security is to prevent use of a high-speed link, such as links 21 and 22 of bus cable 14.2, for example by disabling (or not enabling) transceivers 23 and 24 until the identity of a peripheral component, such as printer 16, is verified through the secondary links.
  • this is done at system initialization (step 61 of Fig. 4).
  • processor 46 and software in computer node 10, for example operating system 41, can attempt to identify the peripheral, such as peripheral 16, for example by checking through the secondary links for expected switch settings in switch 43 (step 62).
  • a signal delivered to peripheral 16 from computer node 10 will be altered in a definable manner according to the switch settings, returned over the secondary links (step 63) and interpreted by processor 46 and operating system 41 in computer node 10 as a valid or invalid verification of the identity of peripheral 16 (step 63).
  • an active component in a peripheral such as peripheral 16 could transmit an expected message back to computer node 10 through the secondary links in response to a query or challenge received through the secondary links (step 64).
  • Various authentication protocols which are known to those having skill in the art, may be used by host 10 and a peripheral, such as peripheral 16, in the challenge and response transmissions.
  • operating system 41 in computer node 10 permits use of high-speed links 21 and 22 (step 65), such as by enabling high-speed transceivers 23 and 24 and use of other high-speed links in the physical data transmission path to peripheral 16.
  • Use of the high-speed links is denied if the peripheral is not identified (step 66).
  • a writable storage medium such as storage medium 45
  • the storage medium can be pre-encoded with a unique signature.
  • software such as operating system 41 resident in memory 42 on host computer 10 writes into storage medium 45 through secondary links the unique identifying code, which will be
  • the operating system 41 in computer node 10 queries the peripheral through the secondary links (step 62), such as secondary link 28, for the dedicated signature stored in the storage medium 45 (step 63) before permitting use of the high-speed links (step 65), such as before enabling transceivers 23 and 24, for high-speed data transmission over the high-speed links of a bus cable, such as high speed links 21 and 22.
  • Use of the high-speed links is denied to peripherals which fail to exhibit a proper signature to operating system 41 over the secondary links (step 66).
  • Storage medium 45 can be, for example, a flash ROM into which the dedicated signature is stored by operating system 41 in computer node 10.
  • the high-speed links are enabled automatically, such as by operating system 41, upon recognition of the peripheral.
  • Another feature of the invention provides a user of computer 10 with an opportunity to manually approve a change in system configuration.
  • a configuration of system 12 can be checked by operating system 41, for example at system initialization (step 71 of Fig. 5), through the secondary links of bus cables 14.1-14.4 and hubs 13.1-13.2, for example by investigating the presence and content of various known registers in peripherals as known by persons having ordinary skill in the art (step 72).
  • if a peripheral is found to have been added or removed through responses to the queries received over the secondary bus links (steps 73 and 74), operating system 41 generates a dialog box on a monitor attached to computer 10 (not shown in Fig. 1) to notify the user (step 75).
  • the user is requested to input instructions in response to the information gathered over the secondary links (step 76).
  • the user can instruct the system to refrain from activation, such as by not enabling, or disabling, the high-speed transceivers of the high-speed data links of one or more of bus cables 14.1-14.4 and hubs 13.1-13.2 (step 77).
  • a user also can cause acceptance of the peripheral (step 79), such as by entering the appropriate information including, preferably, a password when confronted with the dialog box generated by operating system 41 (step 78).
  • operating system 41, through the secondary links of bus cables 14.1-14.4 and hubs 13.1 and 13.2, continues to monitor the system as it is running for an occurrence of any real-time plug and unplug events, i.e., connections or disconnections of a peripheral while the system is running (step 81 of Fig. 6).
  • any connections or disconnections of a peripheral into hubs 13.1 or 13.2, or along any of bus cables 14.1 - 14.4 are detected by operating system 41 through the secondary links of the bus system (step 82).
  • a user of computer node 10 preferably is notified of the hot plug or unplug, such as through a dialog box as discussed above, and can investigate the occurrence to learn of its nature (step 83).
  • the dialog box specifies, for example, the location and identity of the hot plug or unplug.
  • An interested user at host computer 10 can investigate the notification to determine whether unauthorized access has occurred or been attempted (step 84).
  • the user can enter a password allowing a hot-plugged peripheral to join the system (step 85), such as by enabling the relevant high-speed transceivers in any of bus cables 14.1-14.4 and hubs 13.1-13.2 (step 86).
  • use of the high-speed links for unauthorized access will be prevented (step 87), either affirmatively or by a simple failure to enter authorization, such as a password, when prompted.
  • the invention therefore provides a variety of non-exclusive, low-cost and easily implemented security measures which protect a computer system from an unwanted intrusion. These security measures are especially important considering the direct memory accessing capabilities which can be provided using the high speed links of bus cables 14.1-14.4 and hubs 13.1 and 13.2 through DMA engine 44, which could be used for unauthorized accessing of main memory 42.
  • processor 46 and operating system 41 substantially control security system functionality, such as by generating and transmitting peripheral device queries, receiving responses thereto and generating graphical user interfaces, such as dialog boxes, pertaining to security issues. It should be understood to a person having ordinary skill that the activities of processor 46 and operating system 41 with respect to implementation of the security features of the invention can be handled by dedicated hardware and software, for example an expanded host controller 11 and special software in a dedicated memory or in memory 42.
  • the invention is described above with reference to a limited number of bus cables and hubs. It should be understood that the use of additional hubs and cables coupling additional peripherals to host 10 is within the scope of the invention.
  • the present invention can be embodied in the form of computer-implemented processes and apparatuses for practicing those processes.
  • the present invention also can be embodied in the form of computer program code embodied in tangible media, such as floppy diskettes, CD-ROMs, hard drives, or any other computer-readable storage medium, wherein, when the computer program code is loaded into and executed by a computer, the computer becomes an apparatus for practicing the invention.
  • the present invention can also be embodied in the form of computer program code, for example, whether stored in a storage medium, loaded into and/or executed by a computer, or transmitted over some transmission medium, such as over electrical wiring or cabling, through fiber optics, or via electromagnetic radiation, wherein, when the computer program code is loaded into and executed by a computer, the computer becomes an apparatus for practicing the invention.
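
The gating flow of Figs. 4 and 6 (verify identity over the secondary link, then enable the DMA-capable high-speed link, otherwise deny) can be modelled as the following added example, which is not code from the patent. It assumes an HMAC-SHA256 challenge-response as the authentication protocol, which the description leaves open; the class names, device names, the password and the rule that an enrolled name which fails verification cannot be re-approved by password are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Peripheral:
    """Simulated device; `key` stands in for the signature in storage medium 45."""

    def __init__(self, name, key=b""):
        self.name = name
        self.key = key
        self.hs_enabled = False  # state of the high-speed transceivers

    def write_signature(self, key):
        self.key = key  # provisioned by the host over the secondary link

    def respond(self, challenge):
        # Keyed answer to the host's challenge, sent back on the secondary link.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Host:
    """Keeps DMA-capable links disabled until identity is verified (Figs. 4-6)."""

    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw = self._hash(password)
        self.enrolled = {}  # device name -> shared key
        self.events = []    # audit trail of attach decisions

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def enroll(self, dev):
        key = secrets.token_bytes(32)
        dev.write_signature(key)
        self.enrolled[dev.name] = key

    def verify(self, dev):
        key = self.enrolled.get(dev.name)
        if key is None:
            return False
        challenge = secrets.token_bytes(16)  # fresh nonce: a recorded reply is useless
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, dev.respond(challenge))

    def attach(self, dev, password=None):
        """Boot-time or hot-plug decision; returns True if the link is enabled."""
        dev.hs_enabled = False  # default deny
        if self.verify(dev):
            outcome = "verified"
        elif (dev.name not in self.enrolled and password is not None
              and hmac.compare_digest(self._hash(password), self._pw)):
            self.enroll(dev)  # user accepted a new peripheral (steps 78-79, 85-86)
            outcome = "approved"
        else:
            outcome = "denied"  # steps 66, 77, 87
        dev.hs_enabled = outcome != "denied"
        self.events.append((dev.name, outcome))
        return dev.hs_enabled


def demo():
    # Constructed scenario: one enrolled printer, one device spoofing its name,
    # and one hot-plugged camera that the user approves on the second attempt.
    host = Host("constructed-password")
    printer = Peripheral("printer-16")
    host.enroll(printer)
    rogue = Peripheral("printer-16", key=b"not-the-provisioned-key")
    camera = Peripheral("camera-17")
    return [host.attach(printer), host.attach(rogue),
            host.attach(camera), host.attach(camera, "constructed-password")]


if __name__ == "__main__":
    print(demo())
```

A pre-encoded signature that is simply read back over the secondary link can be copied by anything that has observed it; the fresh nonce per attempt is what keeps a recorded response from being reused.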

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Security from an unwanted intrusion into a computer system (12) is provided by coupling a host component (10) with a peripheral component (16-18) using a high-speed serial bus (14.1-14.4) having a high-speed physical layer and using features of the bus (14.1-14.4) to implement the security. In one embodiment, the high-speed serial bus (14.1-14.4) includes a layer acting as a secondary bus, which is used to implement a number of security features of the invention.
PCT/US1997/004905 1996-03-29 1997-03-27 Computer system security WO1997037305A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US62622196A 1996-03-29 1996-03-29
US08/626,221 1996-03-29

Publications (1)

Publication Number Publication Date
WO1997037305A1 (fr) 1997-10-09

Family

ID=24509467

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/004905 WO1997037305A1 (fr) Computer system security 1996-03-29 1997-03-27

Country Status (1)

Country Link
WO (1) WO1997037305A1 (fr)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5202997A (en) * 1985-03-10 1993-04-13 Isolation Systems Limited Device for controlling access to computer peripherals
US5099417A (en) * 1987-03-13 1992-03-24 Texas Instruments Incorporated Data processing device with improved direct memory access
US5310998A (en) * 1989-10-31 1994-05-10 Kabushiki Kaisha Toshiba Method and system for placing a bus on hold during the insertion/extraction of an IC card into/from a computer
US5204961A (en) * 1990-06-25 1993-04-20 Digital Equipment Corporation Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols
US5394522A (en) * 1990-12-10 1995-02-28 International Business Machines Corporation Selecting and locating graphical icon objects to define and configure the workstations in data processing networks
US5475818A (en) * 1992-03-18 1995-12-12 Aeg Transportation Systems, Inc. Communications controller central processing unit board
US5581712A (en) * 1994-11-17 1996-12-03 Intel Corporation Method and apparatus for managing live insertion of CPU and I/O boards into a computer system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
CLARKSON, "Seriously Serial, Byte Magazine", October 1994, pages 117-122. *
COMPCON. IEEE, 1992, TEENER, "A Bus on a Diet-The Serial Bus Alternative", pages 316-321. *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444601B2 (en) 1999-02-15 2008-10-28 Hewlett-Packard Development Company, L.P. Trusted computing platform
WO2000048062A1 (fr) * 1999-02-15 2000-08-17 Hewlett-Packard Company Communications between modules of a computing platform
US6988250B1 (en) 1999-02-15 2006-01-17 Hewlett-Packard Development Company, L.P. Trusted computing platform using a trusted device assembly
US7236455B1 (en) 1999-02-15 2007-06-26 Hewlett-Packard Development Company, L.P. Communications between modules of a computing apparatus
US7430668B1 (en) 1999-02-15 2008-09-30 Hewlett-Packard Development Company, L.P. Protection of the configuration of modules in computing apparatus
EP1076280A1 (fr) * 1999-08-13 2001-02-14 Hewlett-Packard Company Communications between modules of a computing apparatus
EP1450233A3 (fr) * 2003-02-19 2010-05-19 Microsoft Corporation Key distribution over an optical out-of-band channel
WO2004075049A1 (fr) * 2003-02-20 2004-09-02 Secure Systems Limited Bus interface security system and method for computers
JP2005032252A (ja) * 2003-07-08 2005-02-03 Microsoft Corp Communication of information via a side-band channel, and use of communication of information via a side-band channel to verify positional relationship
EP1496418A3 (fr) * 2003-07-08 2010-03-10 Microsoft Corporation Communication of information via a side-band channel, and use of same to verify positional relationship
EP1496418A2 (fr) 2003-07-08 2005-01-12 Microsoft Corporation Communication of information via a side-band channel, and use of same to verify positional relationship
KR101085624B1 (ko) * 2003-07-08 2011-11-22 Microsoft Corporation Method and medium for communicating information via a side-band channel
WO2012071133A1 (fr) * 2010-11-22 2012-05-31 Motorola Mobility, Inc. Peripheral authentication
US8412857B2 (en) 2010-11-22 2013-04-02 Motorola Mobility Llc Authenticating, tracking, and using a peripheral
US8667303B2 (en) 2010-11-22 2014-03-04 Motorola Mobility Llc Peripheral authentication
US9224359B2 (en) 2011-09-26 2015-12-29 Google Technology Holdings LLC In-band peripheral authentication
US9569609B2 (en) 2011-09-26 2017-02-14 Google Technology Holdings LLC In-band peripheral authentication
US9953156B2 (en) 2011-09-26 2018-04-24 Google Technology Holdings LLC In-band peripheral authentication
US10878077B2 (en) 2011-09-26 2020-12-29 Google Technology Holdings LLC In-band peripheral authentication

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: CA

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 97535393

Format of ref document f/p: F

122 Ep: pct application non-entry in european phase