WO2012111018A1 - Secure tamper-proof USB device and its computer-implemented method of operation - Google Patents

Secure tamper-proof USB device and its computer-implemented method of operation

Info

Publication number
WO2012111018A1
WO2012111018A1 PCT/IN2011/000358 IN2011000358W WO2012111018A1 WO 2012111018 A1 WO2012111018 A1 WO 2012111018A1 IN 2011000358 W IN2011000358 W IN 2011000358W WO 2012111018 A1 WO2012111018 A1 WO 2012111018A1
Authority
WO
WIPO (PCT)
Prior art keywords
secure
usb
computer
user
implemented method
Application number
PCT/IN2011/000358
Other languages
English (en)
Inventor
Lakshmi THOZHUVANOOR VELLAT
Original Assignee
Thozhuvanoor Vellat Lakshmi
Application filed by Thozhuvanoor Vellat Lakshmi
Publication of WO2012111018A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Definitions

  • the present invention relates generally to computer systems. More particularly, this invention relates to a secure tamper-proof USB device intended for securely rebooting a computer from an operating system stored in a portable device and further providing secure Internet Enterprise and/or private/public server access, along with a computer-implemented method of its operation.
  • ROM read-only memory
  • BIOS Basic Input-Output System
  • the operating system such as Windows / Linux may be loaded from the hard disk, and when booting is complete the OS can execute user programs.
  • Various system checks such as hardware and/or software detection is performed during booting.
  • mass storage devices such as hard disks are being replaced or supplemented with solid-state mass storage such as flash memories. Further, users are also experiencing mass storage file corruption and destruction because PCs have little or no security protection from unauthorized use and espionage. Even when PCs provide password protection, technical experts have become skilled at breaking or bypassing this limited security scheme. Because authorization security needs to be performed before the machine boots the operating system, it is difficult to add better security to the BIOS. One costly current alternative is to add custom circuitry which has its own specially coded microprocessor to the PC. However, without a low-cost secure authorization technique provided by the PC manufacturer, the ordinary user is at tremendous peril from today's high-tech cyber thieves.
  • PC personal computer
  • a system administrator advances the security guard of a PC owned by each user by installing security software such as antivirus software and spyware monitoring software onto a PC and instructs each user to comply with security compliance requirements.
  • security software such as antivirus software and spyware monitoring software
  • the system administrator disables the USB slot at the BIOS level and limits access to the BIOS by using passwords.
  • the PC may be subjected to illegal access when a user forgets to update a definition file of the security software.
  • the above-described guard requires the user to perform an additional task when the user is to bring out a file, or a task of encrypting a file each time the user operates on the file. That lowers usability for each user, and further degrades the work efficiency of the office work.
  • USB Universal Serial Bus
  • flash memory is also replacing floppy disks because flash memory provides higher storage capacity and faster access speeds than floppy drives.
  • the USB standard has several features that require additional processing resources. These features include fixed-frame times, transaction packets, and enumeration processes. For better optimization, these features have been implemented in application-specific integrated circuits (ASICs).
  • ASICs application-specific integrated circuits
  • flash memory sectors have a limited life span; i.e., they can be erased only a limited number of times before failure. Accordingly, flash memory access is slow due to the erase-before-write nature and ongoing erasing will damage the flash memory sectors over time.
  • WO2009154705 by Lockheed Martin, which discloses inter-connectable personal computer architectures comprising secure, portable and persistent computing environments that provide secure computing sessions with persistence.
  • the computing environments are implemented using a secure non-computing client device, such as a USB device, that interfaces with a host computer and, optionally, a trusted server.
  • the secure non-computing client device is used to instantiate a secure BIOS and a secure cold or warm boot of the host computer, from the client device, in a host protected area of the host computer, or from the trusted server.
  • the client device comprises a security device, such a trusted platform module that encrypts and decrypts data transferred between the client apparatus and the host computer to provide a sealed computing environment on the host computer.
  • the client device may implement keyboard logger attack prevention.
  • the client device may also implement a high assurance guard to protect applications.
  • the client device may also comprise security wrapper software that encapsulates malware processed by the host computer.
  • A Chinese specification, CN101398764 by JINGTIAN ELECTRONIC SHENZHEN C, discloses a portable USB device that boots a computer as a server with security measures. Techniques for booting a host computer from a portable storage device with customized settings and security measures are described herein.
  • In response to detecting a portable storage device inserted into a first host computer, the portable storage device is authenticated using a private key stored within the portable storage device against a public key stored in a second host computer over a network.
  • data representing a personal working environment associated with a user of the portable storage device is downloaded from the second host computer over the network.
  • After reboot, the first host computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate the second host computer in view of the personal working environment.
  • Other methods and apparatuses are also described.
  • Another US specification US2008244689 by DALTON CURTIS EVERETT discloses a portable and secure computer operating system, and applications that can be used securely on virtually any computer system regardless of its security state (i.e., regardless of the presence of computer viruses, Trojan code, keylogging software, or any other malicious mobile code that may exist on host computer system).
  • the present invention is embodied within three components including the client desktop or server software, the appliance-based management server, and the media (i.e., including but not limited to USB thumb drive or CDROM) on which the client desktop or server software is installed.
  • Another US specification US2008172555 by ERINK TECHNOLOGIES discloses a bootable thin client personal initialization device.
  • the invention provides a 'thin client', such as software loaded on a USB memory 'stick' or other bootable media, that boots a host machine without using the machine's hard-drive or software and without local applications running in the background.
  • the USB thin client device's use and control of the host machine is safe to the host machine because it does not involve nor alter the hard-drive or software of the machine.
  • the host machine acts like a 'dumb' terminal to permit the USB thin client to remotely access a remote server to for example run software and access data remotely for local presentation and interfacing via the host machine's display, keyboard, printer, etc.
  • the USB thin client typically includes a portion in the open and an encrypted portion only accessible after the user, for example, enters a security password. Upon recognition of the password by the USB thin client device, the device decrypts the encrypted portion of the stick, including personal information.
  • Exemplary personal computers include a nanokernel or minikernel configured to boot when connected to a host computer.
  • a memory is provided for storing the nanokernel or minikernel, along with encrypted data, secure keys and certificates, and one or more software applications.
  • the nanokernel or minikernel is configured to allow selected stored software applications to run on the host computer and execute on the user data stored in the memory when the computing apparatus is connected to the host computer and booted.
  • the nanokernel or minikernel is also configured to prevent any other application from executing on user data stored in the memory.
  • the Secure USB is a device which is used for the secure Internet Enterprise and /or public / private server Access.
  • the herein disclosed system comprises of an operating system (OS), fingerprint unit to authenticate the user biometrically, ibutton chip for the unique ID of the device used for the authentication of the device, OLED for the general message display, USB, tamper protection circuit and a rechargeable battery to operate the tampering circuit.
  • OS operating system
  • fingerprint unit to authenticate the user biometrically
  • ibutton chip for the unique ID of the device used for the authentication of the device
  • OLED for the general message display
  • USB tamper protection circuit
  • a rechargeable battery to operate the tampering circuit.
  • the present specification also discloses a method of operating the said device.
  • the device checks whether the user is authorized by verifying the fingerprint. On condition that the user is authorized, the currently running PC is rebooted from the Live OS present in the Secure USB device, which permits the user to access the pre-configured websites clean from any kind of security threats.
  • the device has protection against tampering. The device erases the complete data stored in the device in case of tampering.
  • a method for booting a personal computer (PC) from a secure portable USB device with customized settings and security measures: in response to detection of a USB device inserted into a computer (PC), the portable storage device is authenticated biometrically and a registration process is carried out which comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating multiple shares and configuring the permitted websites. Of the at least two generated shares, one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details.
  • data representing a personal working environment associated with a user of the portable storage device is downloaded from the server / memory over the network. After reboot, the said personal computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate in view of the personal working environment.
  • the principle object of the present invention is to provide a portable secure USB device intended for securely rebooting a computer from an operating system stored in a portable device and further provide a secure Internet Enterprise and /or private / public server Access.
  • a portable secure USB device which is configured with a Biometric Authentication System that gives authentic security.
  • a portable secure USB device which is equipped with Drivers and SDK for all flavors of Windows and Linux so that the enterprise can decide which OS to use and customize it accordingly.
  • a portable secure USB device comprising information recast in the image domain; using a proprietary visual cryptographic algorithm, the contents are split into multiple shares, each transmitted through its own secure channel, so even if a channel is compromised the Hacker cannot recreate the Information.
  • a portable secure USB device comprising a rechargeable battery which creates the possibility of Tamper Protection even when the device is not connected to the PC. Enough power is made available to carry out a complete dog-wash of the system. This ensures forensic cleaning practices leaving no trace for any further reverse engineering.
  • a portable secure USB device which provides a rewritable space which will be erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
  • Only in the presence of the Secure USB Bootable device does the web server site get revealed and become accessible.
  • the secure USB device gets authenticated on the Enterprise/Web Server of the Secure USB device which uses a combination of numbers and alphabets cast into image domain and holding partial image details on Secure USB device and rest on the Enterprise/Web Server and then configured for Single-sign-on using proprietary logical image cryptographic based solution.
  • forward thinking security measures are implemented in the Secure USB bootable device.
  • booting with the secure USB bootable device ensures that no key logger, either in terms of software or through any other serial / USB port of the computer terminal, is possible, as the OS on the secure USB will shut down all the other ports on the computer system.
  • additional security layer of CAPTCHA is implemented to ensure physical portion of client on the terminal of access.
  • a secure USB bootable device with a Docking Station with a Processor/FPGA, the communication channel between the Secure USB bootable device and the Docking Station is done using custom encryption, thereby ensuring the USB protocol analyzers even when inserted between the Secure USB bootable device and the Docking Station will not be able to analyze the communication protocols.
  • a secure USB bootable device is provided with a QWERTY keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
  • a portable secure USB device which comprises of a "Globally Guaranteed Hardware based unique ID", for each product.
  • a portable secure USB device which comprises of hardware based tactile switches, triggered, tamper mechanism.
  • the said switches are always active due to the provided rechargeable battery.
  • FIG. 1A is a block diagram illustrating the secure USB system in accordance with the present invention
  • FIG. 1B is a diagram illustrating a secure USB system in accordance with the present invention
  • FIG. 2 is a diagram illustrating the schematic of the controller in accordance with the present invention.
  • FIG. 3 is a diagram illustrating the system's operational requirements in terms of a use case model consisting of use cases and use case paths in accordance with the present invention
  • FIG. 4 is a diagram illustrating administrator use case diagram in accordance with the present invention.
  • FIG. 5 is a diagram illustrating user use case diagram in accordance with the present invention.
  • FIG. 6 is a diagram illustrating hacker use case diagram in accordance with the present invention.
  • DETAILED DESCRIPTION: Secure USB Bootable Device
  • the disclosed secure USB device is used for the secure Internet Enterprise Access.
  • the system is mainly intended for the Government/Enterprise Market.
  • the system comprises of an operating system (OS), fingerprint unit to authenticate the user, i-button for the unique ID of the device used for the authentication of the device, OLED for the general message display, USB, tamper protection circuit and a rechargeable battery to operate the tampering circuit.
  • the password based authentication system can be easily compromised, especially with a compromised PC having hardware based Key loggers.
  • said device further comprises of Biometric Authentication System which provides authentic security.
  • the registration process comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating the shares and configuring the permitted websites. Of the two generated shares, one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details.
  • the device checks if the user is authorized by verifying the fingerprint. If the user is authorized, the currently running PC will reboot from the Live OS present in the Secure USB device and permits the user to access the pre-configured websites clean from any kind of security threats.
  • the said device is configured with drivers and SDK for all flavors of Windows and Linux so that the enterprise can decide which OS to use and customize it accordingly.
  • the said device has protection against tampering. The device erases the complete data stored in the device in case of tampering.
  • the disclosed device comprises a low power processor which is interfaced to display, i-button, fingerprint, battery, tamper circuit and USB and flash.
  • the controller is an ARM Cortex-M0 based processor running at frequencies of up to 50 MHz.
  • the Cortex-M0 processor is built on a highly area and power optimized 32-bit processor core, with a 3-stage pipeline von Neumann architecture.
  • the peripheral complement of the LPC111x/LPC11C1x includes up to 32 KB of flash memory, up to 8 KB of data memory, one C_CAN controller (LPC11C12/14), one Fast-mode Plus I2C-bus interface, one RS-485/EIA-485 UART, up to two SPI interfaces with SSP features, four general purpose timers, a 10-bit ADC, and up to 42 general purpose I/O pins.
  • This module is low power processor which is interfaced to display, i-button, fingerprint, battery, tamper circuit and USB and flash.
  • the display is 96x16 OLED display which is connected to the controller through the I2C interface.
  • the controller transmits the messages to be displayed to the OLED display.
  • the ibutton is used for the unique identification number of the device.
  • the one-wire communication is used between the controller and the ibutton.
  • the controller is interfaced with the fingerprint module using the UART.
  • the user of the USB device has to be authorized before using the device by his fingerprint verification.
  • Protection against the physical tampering of the device is provided by connecting the switches to the controller.
  • When a switch opens, the controller erases all the internal data present in the device, powered by an internal rechargeable battery.
  • the device takes power from the host system.
  • a rechargeable battery is provided for the functioning of the tampering circuit when the device is not connected to the host system.
  • the provision of a rechargeable battery creates the possibility of tamper protection even when the device is not connected to the PC, and enough power will be available to carry out a complete Dog Wash of the system. This ensures forensic cleaning practices leaving no trace for any further reverse engineering.
  • Flash memory to store the operating system.
  • the display module is OLED monochrome 96x16 dot matrix display.
  • the characteristics of this module are high brightness, low power consumption, self-emission, high contrast ratio, slim/thin outline, wide viewing angle and wide temperature range.
  • the secure portable USB device as disclosed herein is configured for secure access to the preconfigured websites by the authorized user who is mobile. Only in the presence of the Secure USB Bootable device does the web server site get revealed and become accessible. In the absence of the Secure USB bootable device the user always lands on another web server address, wherein the critical component for enterprise view/transaction is absent.
  • the system has the following functional requirements:
  • the Device is primarily used by the end user to securely access the permitted websites. The following scenario explains it:
  • USB Device will act as a bootable Optical ROM Drive to the PC and the PC boots to the Live OS stored on the device to provide the user with safe browsing environment clean from any kind of security threats.
  • Administrator using the Administration Software registers the user's fingerprints (10 fingers at 2 samples each) on to the device.
  • the Administration Software has provision to read the unique ID of the device and store in database on the server for real time verification whenever the Device with Unique ID matches.
  • the Administrator loads the Bootable Live OS ISO to the USB Device using the Administration Software.
  • the Secure USB bootable device SaaS in Cloud Computing can be authenticated for secure storage update and access specific to the user of the Secure USB device.
  • USB Device also provides an authentication Interface to the OS which can be used by the websites to authenticate the user during transactions.
  • USB Device provides a display interface to the OS which can be used by the websites to display any information.
  • the device is configured for detecting any kind of physical tampering, and on detection all the data stored in the said USB device is erased.
  • the disclosed device is incorporated with a tamper proof circuit with tactile switches and software daemons for forensically erasing the key-share.
  • the other programs (OS and Server access details) are provided on the Secure USB device. Dog-wash methods of erasure have been implemented on the said device. Forward thinking security measures have been implemented in the Secure USB bootable device. Tamper proof design takes care of attacks in categories of a) Mechanical (invasive attacks) b) Electrical (invasive attacks) and c) Software (Non-invasive attacks)
  • Booting with the secure USB bootable device ensures that no key logger, either in terms of software or through any other serial / USB port of the computer terminal, is possible, as the OS on the secure USB will shut down all the other ports on the computer system. This ensures complete assurance of not running any stealthy keystroke logger on the computer terminal when booted with the proposed Secure USB bootable device.
  • When the disclosed secure portable bootable USB device is plugged in to a computer and/or other systems as described in the later portion, the device draws power through the USB port to activate the said device.
  • In response to detection of a USB device inserted into a computer (PC), the portable storage device is authenticated biometrically and a registration process is carried out which comprises enrolling the fingerprints of the user, loading the OS, reading the unique identification number of the device, generating the shares and configuring the permitted websites.
  • the device shuts down the OS on the PC before loading the OS from the USB device.
  • the boot sequence from CD-ROMs should be programmed in the PC and root permissions are required for the reboot.
  • Upon booting from said device, it connects to the web server URL/IP address, the re-programmed web address set on Device A by the Enterprise who distributes the Device to the client. Only when Device A is authenticated by the server, using the two shares on the device and server, combining them using logical cryptography and verifying the combined value against the i-button unique ID on the device, are the URL doors for connectivity between the device and server opened. This ensures that Device A is genuine and connected to the server.
  • the connectivity between the user USB device and the server (web) with URL is a VPN, and all the software, cookies, etc. required for connectivity to the server (web) are available on the said device.
  • the specific web URL address is visible on the web only with the users having valued devices.
  • the login onto the server is further activated by PIN and password and also CAPTCHA. Further, all transactions between the server (web) and clients with Device A are secure, safe and private to the client, and no contact from the server gets written onto the USB device flash, as it is a read-only device.
  • one share will be written to the device and one share will be transmitted to the Authentication and Authorization Gateway along with the other registration details.
  • data representing a personal working environment associated with a user of the portable storage device is downloaded from the server / memory over the network.
  • the said personal computer is configured using the obtained settings of the personal working environment, such that the user of the portable storage device can operate in view of the personal working environment.
  • FIG. 3 illustrates the system operational overview, showing the system's operational requirements in terms of a use case model consisting of use cases and use case paths.
  • the said secure USB device interacts, either directly or indirectly, with the following significant external data repositories:
  • the said secure USB device interacts, either directly or indirectly, with the following significant external hardware: Any PC/Laptop which is configured to boot up from the CDROM present in the USB.
  • the said secure USB device interacts, either directly or indirectly, with the following significant external networks:
  • the said secure USB device interacts, either directly or indirectly, with the following significant external software:
  • the whole server-client transaction is by VPN using the combination of key-parts from server and the client. This obviates the need for passwords and other authentication methods.
  • the competitor, Lockheed, needs a password on the host PC and a keyboard for creating a secure tunnel.
  • the whole ecosystem of Enterprise/Web Server, VPN tunnel between Enterprise/Web Server and the Secure USB bootable device is configured, designed and fabricated including the Proprietary Single sign on with logical image security to meet up the desired objectives.
  • the subsection specifies the operational requirements primarily concerning Administrator as shown in Fig 4 (administrator use case diagram).
  • the administrator using the administration software makes a record of the details of the user, fingerprints (10 fingers at 2 samples each) transmitted to AAG.
  • the administrator software reads the devices unique identity number and stores the unique ID value in the server database for later matching.
  • the administrator also configures the websites to be permitted while using the device and stores them into the device and loads the Bootable Live OS ISO to the USB Device using the Administration Software.
  • the administrator has to verify the account details and identification details of the user.
  • the subsection specifies the operational requirements primarily concerning user as shown in Fig 5 (user use case diagram).
  • the device verifies the fingerprint of the user against the enrolled fingerprints. If the fingerprint matches, the running PC/laptop will shut down and reboot with the OS present on the USB device, providing the user a secure browsing environment with the pre-configured websites.
  • the subsection specifies the operational requirements primarily concerning hacker Fig 6 (hacker use case diagram).
  • the device can be tampered by two ways, by the fingerprint or by physical tampering.
  • the Secure USB bootable device is provided with a Docking Station with a Processor/FPGA, the communication channel between the Secure USB bootable device and the Docking Station is done using custom encryption, thereby ensuring the USB protocol analyzers even when inserted between the Secure USB bootable device and the Docking Station will not be able to analyze the communication protocols.
  • This device definition will ensure highest level of security.
  • the docking station may be a thin-Client with Zero Application Docking Station with 10" LCD Touch Screen (XGA) with 100/1Gbps Ethernet Connectivity for Internet/Intranet Server Access, bootable with the Secure USB Bootable device, with the objective of providing alternate secure terminals at static locations networked for secure access of the servers.
  • the secure USB bootable device is provided with a QWERTY keyboard component that can interact with any client device like a smart GSM phone/Modem/Intelligent Docking Station.
  • the device is configured with logical cryptography.
  • the resident information is recast in image domain and using proprietary visual cryptographic algorithm the contents are split into multiple shares each transmitted through its own secure channel, so even if a channel is compromised the Hacker will not recreate the Information.
  • a Docking station with a Microcontroller/FPGA Processor (for robustness and high degree of security) and features like USB Ports, Ethernet Port, Graphics Display, Soft/Virtual Keyboard (invoked from the USB Device when inserted), and Fingerprint Scanner built-in with verification on the USB Device will be designed and implemented.
  • When the Secure USB Bootable device is used with the docking station, the docking station authenticates the USB device and all the communications between the Secure USB Bootable device and the Docking Station are encrypted.
  • a rewritable space within the said device which will be erased at the end of each session, while keeping the main OS on the device in Read Only Mode.
  • Another embodiment of the present invention provides a Globally Guaranteed Hardware based Unique ID across all versions of the said product.
  • One of the embodiments of the said Secure USB device will have a Virtual Keyboard software application and a Bluetooth connection to connect to smart GSM phones. Upon connection, the Virtual Keyboard application from the Secure USB device will run on the smartphone for any keying of data for access to the enterprise server.
  • The Secure USB device will be self-powered by battery/AC adapter. The virtual keyboard guarantees that no keystrokes are recorded even if a key-logger is active on the smartphone. No booting of an OS is envisaged in this embodiment. This new embodiment will ensure a large user base, especially GSM-based users with smartphone appliances, who can get into secure mobile payments and enterprise server transactions.
  • The said device can connect to any device (PC, laptop, mobile, docking station, etc.) and is therefore device independent (unlike Lockheed or other products). This could be a big advantage for users who use both a PC and a mobile or docking station (this is the majority of users anyway). It could also be connectivity independent (USB, Bluetooth, GSM modem or WiFi). In addition, in one application the said device can be used in banks, attached to the bank's cheque dispenser unit, with an instant cheque drop receipt authenticated with bank details, date and time stamp.
  • The hardware design of the USB Bootable device is modified with the following features/interfaces/protocols to enable secure enterprise server access through the GPRS/WAP connectivity of GSM smartphones: a Bluetooth interface for smart GSM phone connectivity; a WiFi connectivity circuit on the USB device for smartphone GSM connectivity or a WiFi router connected to the Internet; a soft-keyboard application launched from the USB device onto the mobile platform for all keyboard interaction on the smartphone for server access and transactions; and self-powering (battery/main power supply with DC conversion) on the USB device for sustained interaction with the smartphone.
  • Critical points:
  • The USB storage device is rendered relatively useless without the proper authentication and security precautions in place.
  • The device can also be used to run secure portable applications directly from the device.
  • The variant of the Secure USB with provision for storage is built with hardware-based encryption which cannot be disabled by malware or an intruder.
  • The populated PCB is conformally coated with an epoxy-based potting compound, preventing exposure of the circuit and component details.
  • The Secure USB with the storage option can store documents, music, photos and e-mails up to 4 GB.
  • Any of the foregoing embodiments contemplates that the operating system and applications could be any of many individual domains in a virtual computing environment. That is, the operating system shown could be a host or guest operating system (e.g., Linux, Windows, Netware, Unix, etc.), each with its own applications, file systems, etc.
  • While the foregoing description of the present invention has been shown and described with reference to particular embodiments and applications thereof, it has been presented for purposes of illustration and description and is not intended to be exhaustive or to limit the invention to the particular embodiments and applications disclosed.
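The share-splitting idea described above for the resident information, shown as an added example that is not the patent's proprietary visual cryptographic algorithm: it substitutes a plain XOR n-of-n split over a 1-bit image. The sample bitmap, the function names and the share count are assumptions made for illustration.

```python
import secrets

# Constructed sample input: an 8x8 one-bit image, one integer per row.
WIDTH = 8
SAMPLE = [0x3C, 0x42, 0x81, 0x81, 0xFF, 0x81, 0x81, 0x81]


def split(rows, width, n):
    """Split a 1-bit image into n XOR shares; all n are needed to rebuild it."""
    if n < 2:
        raise ValueError("need at least two shares")
    if any(r < 0 or r >> width for r in rows):
        raise ValueError("row does not fit in the stated width")
    # n-1 shares are uniformly random; the last one absorbs the image.
    shares = [[secrets.randbits(width) for _ in rows] for _ in range(n - 1)]
    last = list(rows)
    for share in shares:
        last = [a ^ b for a, b in zip(last, share)]
    return shares + [last]


def combine(shares):
    """XOR shares row by row; yields the image only when every share is present."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares must be non-empty and equally sized")
    out = [0] * len(shares[0])
    for share in shares:
        out = [a ^ b for a, b in zip(out, share)]
    return out


def completing_share(partial, candidate):
    """Return the missing share that would make `partial` decode to `candidate`.

    Such a share exists for every candidate image, which is why a party
    holding only n-1 shares cannot rule any image in or out.
    """
    return [c ^ p for c, p in zip(candidate, combine(partial))]


def render(rows, width):
    """ASCII view of a 1-bit image, for comparing shares with the original."""
    return "\n".join(
        "".join("#" if r >> (width - 1 - i) & 1 else "." for i in range(width))
        for r in rows
    )


if __name__ == "__main__":
    shares = split(SAMPLE, WIDTH, 3)  # three channels is an assumed count
    for i, s in enumerate(shares):
        print(f"share {i} (noise):\n{render(s, WIDTH)}\n")
    print("all shares combined:\n" + render(combine(shares), WIDTH))
```

The secrecy argument holds only if each share really travels over an independent channel and the random shares come from a cryptographic source, as `secrets` provides here.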

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

According to the invention, a secure tamper-proof USB device for providing secure access to a server/Internet comprises an operating system (OS); a fingerprint/biometric unit for authenticating the user; an i-button for unique identification of the device, used for device authentication; an OLED for general display of messages; a USB anti-tamper protection circuit; and a rechargeable battery for operating the anti-tamper circuit. A computer-implemented method for establishing secure access to a server/Internet through the secure tamper-proof USB device comprises the steps of: connecting the secure portable USB device to the PC; checking whether the user is biometrically authorized; if the user is authorized, the PC in use is rebooted from the Live OS present in the secure USB device and allows the user to access the preconfigured websites without fear of security threats of any kind; if the user is not authorized, the PC in use is not rebooted and proper authorization is requested; if the user tampers with said device, the anti-tamper circuit is triggered and erases all data stored in said device.
PCT/IN2011/000358 2011-02-17 2011-05-24 Dispositif usb inviolable sécurisé et son procédé d'exploitation mis en œuvre par ordinateur WO2012111018A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN455CH2011 2011-02-17
IN455/CHE/2011 2011-02-17

Publications (1)

Publication Number Publication Date
WO2012111018A1 true WO2012111018A1 (fr) 2012-08-23

Family

ID=44583605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2011/000358 WO2012111018A1 (fr) 2011-02-17 2011-05-24 Dispositif usb inviolable sécurisé et son procédé d'exploitation mis en œuvre par ordinateur

Country Status (1)

Country Link
WO (1) WO2012111018A1 (fr)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2750033A1 (fr) * 2012-12-27 2014-07-02 Telefonica S.A. Dispositif de communication par modem portable et procédé pour fournir des capacités de connectivité à un dispositif informatique
US8876005B2 (en) 2012-09-28 2014-11-04 Symbol Technologies, Inc. Arrangement for and method of managing a soft keyboard on a mobile terminal connected with a handheld electro-optical reader via a bluetooth® paired connection
US9009359B2 (en) 2013-03-29 2015-04-14 International Business Machines Corporation Emulating multiple universal serial bus (USB) keys so as to efficiently configure different types of hardware
US9245131B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
CN106127016A (zh) * 2016-07-18 2016-11-16 浪潮集团有限公司 一种操作***用户登录可信认证的***及实现方法
CN106874232A (zh) * 2015-12-14 2017-06-20 中兴通讯股份有限公司 通用串行总线usb的充电方法、装置及终端
US9720853B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
EP3164773A4 (fr) * 2015-03-31 2017-08-23 SZ DJI Technology Co., Ltd. Systèmes et procédés de surveillance de vol
EP3451215B1 (fr) 2017-08-28 2019-12-18 Siemens Aktiengesellschaft Dispositif matériel et procédé de fonctionnement et de fabrication d'un dispositif matériel
CN111125795A (zh) * 2018-10-30 2020-05-08 意法半导体股份有限公司 用于集成电路卡的防篡改设备
CN111131201A (zh) * 2019-12-12 2020-05-08 国网电子商务有限公司 一种点阵智能书写数据的多用户分享方法及装置
CN111597520A (zh) * 2020-05-18 2020-08-28 贵州电网有限责任公司 一种计算机usb接口信息安全防控方法及***
US10867047B2 (en) 2015-03-11 2020-12-15 Hewlett-Packard Development Company, L.P. Booting user devices to custom operating system (OS) images
CN116383902A (zh) * 2023-02-28 2023-07-04 国网浙江省电力有限公司常山县供电公司 一种涉密usb接口授权连接设备及其授权连接方法

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0417447A2 (fr) * 1989-09-12 1991-03-20 International Business Machines Corporation Protection de données par détection d'intrusions dans des ensembles électroniques
US20030070079A1 (en) * 2001-10-04 2003-04-10 International Business Machines Corporation Method and system for preboot user authentication
US20060064577A1 (en) * 2004-09-21 2006-03-23 Aimgene Technology Co., Ltd. BIOS locking device, computer system with a BIOS locking device and control method thereof
EP1762956A2 (fr) * 2005-09-09 2007-03-14 Fujitsu Siemens Computers GmbH Ordinateur avec au moins un connecteur pour un support d'information amovible et procédé de démarrer et d'utilisation d'un ordinateur avec un support d'information amovible
US20080082813A1 (en) * 2000-01-06 2008-04-03 Chow David Q Portable usb device that boots a computer as a server with security measure
US20080172555A1 (en) 2007-01-17 2008-07-17 Erink Technologies, Llc Bootable thin client personal initialization device
US20080244689A1 (en) 2007-03-30 2008-10-02 Curtis Everett Dalton Extensible Ubiquitous Secure Operating Environment
CN101398764A (zh) 2007-09-25 2009-04-01 智多星电子科技有限公司 在安全措施下激活计算机作为服务器的可携式usb装置
US20090132816A1 (en) 2007-11-15 2009-05-21 Lockheed Martin Corporation PC on USB drive or cell phone
WO2009154705A1 (fr) 2008-06-20 2009-12-23 Lockheed Martin Corporation Architectures d'ordinateurs personnels interconnectables qui créent des environnements informatiques sécurisés, portables et durables
EP2204756A1 (fr) * 2008-12-30 2010-07-07 Intel Corporation Récupération d'avant démarrage d'un système informatique verrouillé

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"DS5002FP SECURE MICROPROCESSOR CHIP", INTERNET CITATION, February 1998 (1998-02-01), XP002253631, Retrieved from the Internet <URL:http://web.archive.org/web/19980610053242/www.dalsemi.com/DocControl/ PDFs/5002fp.pdf> [retrieved on 20030905] *
SCHMIDT J ET AL: "Hols vom Stöckchen", CT MAGAZIN FUER COMPUTER TECHNIK, HEISE ZEITSCHRIFTEN VERLAG, HANNOVER, DE, no. 13, 16 June 2003 (2003-06-16), pages 208 - 210, XP002453498, ISSN: 0724-8679 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8876005B2 (en) 2012-09-28 2014-11-04 Symbol Technologies, Inc. Arrangement for and method of managing a soft keyboard on a mobile terminal connected with a handheld electro-optical reader via a bluetooth® paired connection
EP2750033A1 (fr) * 2012-12-27 2014-07-02 Telefonica S.A. Dispositif de communication par modem portable et procédé pour fournir des capacités de connectivité à un dispositif informatique
WO2014102301A1 (fr) * 2012-12-27 2014-07-03 Telefonica, S.A. Procédé de fourniture de capacités de connectivité à un dispositif informatique
US9009359B2 (en) 2013-03-29 2015-04-14 International Business Machines Corporation Emulating multiple universal serial bus (USB) keys so as to efficiently configure different types of hardware
US9245131B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
US9245130B2 (en) 2013-03-29 2016-01-26 International Business Machines Corporation Multi-user universal serial bus (USB) key with customizable file sharing permissions
US9720853B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
US9720852B2 (en) 2013-03-29 2017-08-01 International Business Machines Corporation Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware
US10867047B2 (en) 2015-03-11 2020-12-15 Hewlett-Packard Development Company, L.P. Booting user devices to custom operating system (OS) images
US10692311B2 (en) 2015-03-31 2020-06-23 SZ DJI Technology Co., Ltd. Systems and methods for monitoring flight
EP3164773A4 (fr) * 2015-03-31 2017-08-23 SZ DJI Technology Co., Ltd. Systèmes et procédés de surveillance de vol
US9875584B2 (en) 2015-03-31 2018-01-23 SZ DJI Technology Co., Ltd Systems and methods for monitoring flight
CN106874232A (zh) * 2015-12-14 2017-06-20 中兴通讯股份有限公司 通用串行总线usb的充电方法、装置及终端
CN106874232B (zh) * 2015-12-14 2021-07-30 中兴通讯股份有限公司 通用串行总线usb的充电方法、装置及终端
CN106127016A (zh) * 2016-07-18 2016-11-16 浪潮集团有限公司 一种操作***用户登录可信认证的***及实现方法
CN106127016B (zh) * 2016-07-18 2018-08-17 浪潮集团有限公司 一种操作***用户登录可信认证的***及实现方法
EP3451215B1 (fr) 2017-08-28 2019-12-18 Siemens Aktiengesellschaft Dispositif matériel et procédé de fonctionnement et de fabrication d'un dispositif matériel
CN111125795A (zh) * 2018-10-30 2020-05-08 意法半导体股份有限公司 用于集成电路卡的防篡改设备
CN111125795B (zh) * 2018-10-30 2024-03-26 意法半导体股份有限公司 用于集成电路卡的防篡改设备
CN111131201A (zh) * 2019-12-12 2020-05-08 国网电子商务有限公司 一种点阵智能书写数据的多用户分享方法及装置
CN111597520A (zh) * 2020-05-18 2020-08-28 贵州电网有限责任公司 一种计算机usb接口信息安全防控方法及***
CN111597520B (zh) * 2020-05-18 2023-10-17 贵州电网有限责任公司 一种计算机usb接口信息安全防控方法及***
CN116383902A (zh) * 2023-02-28 2023-07-04 国网浙江省电力有限公司常山县供电公司 一种涉密usb接口授权连接设备及其授权连接方法
CN116383902B (zh) * 2023-02-28 2023-12-19 国网浙江省电力有限公司常山县供电公司 一种涉密usb接口授权连接设备及其授权连接方法

Similar Documents

Publication Publication Date Title
WO2012111018A1 (fr) Dispositif usb inviolable sécurisé et son procédé d'exploitation mis en œuvre par ordinateur
US8335931B2 (en) Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US10516533B2 (en) Password triggered trusted encryption key deletion
US11228449B2 (en) Secure interface for invoking privileged operations
US8832778B2 (en) Methods and apparatuses for user-verifiable trusted path in the presence of malware
Parno et al. Bootstrapping trust in modern computers
US8522018B2 (en) Method and system for implementing a mobile trusted platform module
England et al. A trusted open platform
Vasudevan et al. Trustworthy execution on mobile devices: What security properties can my mobile platform give me?
US8868898B1 (en) Bootable covert communications module
KR102233356B1 (ko) 모바일 통신 디바이스 및 그 작동 방법
KR101704329B1 (ko) 프리빌리지 컴퓨팅 작동의 결과 보호
US8996885B2 (en) Secure virtual machine manager
JP5802337B2 (ja) アウトオブバンドリモート認証
US20110093693A1 (en) Binding a cryptographic module to a platform
EP3706019B1 (fr) Protection d'accès appliquée par matériel
US9137244B2 (en) System and method for generating one-time password for information handling resource
US9015454B2 (en) Binding data to computers using cryptographic co-processor and machine-specific and platform-specific keys
EP2368208A1 (fr) Dispositif de sécurité portable protégeant contre les enregistreurs automatiques de frappes
US20170076081A1 (en) Method and apparatus for securing user operation of and access to a computer system
Mannan et al. Unicorn: Two-factor attestation for data security
US20150264024A1 (en) System and method for confidential remote computing
Zhou et al. KISS:“key it simple and secure” corporate key management
NO340355B1 (en) 2-factor authentication for network connected storage device
Brasser et al. Softer Smartcards: Usable Cryptographic Tokens with Secure Execution

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11738496

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11738496

Country of ref document: EP

Kind code of ref document: A1