[go: up one dir, main page]

US20130111128A1 - Method for implementing and application of a secure processor stick (SPS) - Google Patents

Method for implementing and application of a secure processor stick (SPS) Download PDF

Info

Publication number
US20130111128A1
US20130111128A1 US13/722,577 US201213722577A US2013111128A1 US 20130111128 A1 US20130111128 A1 US 20130111128A1 US 201213722577 A US201213722577 A US 201213722577A US 2013111128 A1 US2013111128 A1 US 2013111128A1
Authority
US
United States
Prior art keywords
sps
host
usb
application
processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/722,577
Inventor
Kwang Wee Lee
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cassis International Pte Ltd
Original Assignee
Cassis International Pte Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US12/386,212 external-priority patent/US8396992B2/en
Priority claimed from US12/386,210 external-priority patent/US20100199008A1/en
Application filed by Cassis International Pte Ltd filed Critical Cassis International Pte Ltd
Priority to US13/722,577 priority Critical patent/US20130111128A1/en
Priority to US13/788,027 priority patent/US8694695B2/en
Publication of US20130111128A1 publication Critical patent/US20130111128A1/en
Priority to US14/246,167 priority patent/US9414433B2/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W80/00Wireless network protocols or protocol adaptations to wireless operation
    • H04W80/06Transport layer protocols, e.g. TCP [Transport Control Protocol] over wireless
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement

Definitions

  • the invention relates to running secure processes or applications in a secure environment on a secure processor stick for display on a PC without using or leaving traces in the PC memory.
  • USB devices like secure token may perform cryptography, secure key generation and storage.
  • secure tokens still require the application to be run on the PC with the plan information and data to access this feature and this leave the plain information and data before encryption vulnerable to attack.
  • IBM's USB secure stick the Zone Trusted Information Channel
  • SSL secure socket layer
  • the application is still using the host PC memory and leaves a memory trace on the host PC that is vulnerable to a virus or spyware attack.
  • Penprotect software for a host PC uses encryption to protect files within a USB flash drive, flash memory, or USB stick. But Penprotect software does not protect the encrypted files once they are decrypted and running on the host PC. Furthermore, the same encrypted files stored in the USB memory stick require Penprotect software to be installed on another PC before they can be accessed, so the encrypted files are not portable.
  • Livetoken is a USB drive with a Linux OS and a secure chip installed on it to store the keys and passwords.
  • Livetoken's design requires the host PC to be rebooted to run the OS on the USB drive.
  • the Linux OS is very dependent on the host PC hardware configuration, and will not work on any other host PC.
  • U3 technology from Sandisk allows a portable application in a USB flash drive to be used only on a Windows XP or Windows Vista PC. This provides only application portability, but not security for the application and data execution on the host PC because U3 technology uses the host PC memory to execute the portable application. This leaves the U3 technology open for attack from a virus or spyware.
  • SPS secure processor stick
  • the SPS may provide a secure processing environment in any computer environment, including but not limited to an unsecured environment like a virus infected system or a cyber café.
  • the secure application to be run securely is executed in the SPS's processor and memory; it does not make use of the host PC memory and does not leave any memory traces in the host PC.
  • FIG. 1 illustrates a schematic diagram showing the interface between the SPS and the host PC according to an embodiment of the invention
  • FIG. 2 illustrates a block diagram showing the software stack for the SPS according to an embodiment of the invention
  • FIG. 3 illustrates a block diagram showing the software stack for transferring the virtual screen on the secure process stick to the host PC according to an embodiment of the invention
  • FIG. 4 illustrates a block diagram showing the block diagram for web connectivity or network applications according to an embodiment of the invention.
  • FIG. 5 illustrates a block diagram showing how a modular PC system using standard USB devices can be built according to an embodiment of the invention.
  • an example of a secure processor stick 103 may interface with a PC 100 via a USB port 104 .
  • the PC may be a laptop, palmtop, netbook, notebook, desktop, or any other general-purpose computer having a port capable of interfacing with an SPS.
  • the secure processor stick 103 may display a virtual display 102 on the PC screen 101 .
  • the connection to the host PC 100 may be made by USB 104 , firewire, or any network connection to the host PC 100 .
  • SPS network connectivity may be provided by the host PC 100 through a TCP/IP bridge on the USB port 104 where the SPS 103 accesses the network using VPN, SSL or encryption.
  • the UI/Display for the SPS OS and application may be displayed as a window on the host PC screen 101 in a window 102 .
  • the screen/UI may be transferred from a virtual screen bitmap in the SPS 103 to the host PC 100 window via USB 104 .
  • the process/application running on the SPS 103 may not leave raw data on the host PC 100 , and there may not be a memory trace on the host PC 100 from the application/process running.
  • a firewall on the SPS 103 may restrict the access only to a VPN or secure host.
  • a host PC 100 may have no access to the SPS files or data.
  • the data and files on the SPS 103 may be secure and may be encrypted using a smart chip for added security.
  • the SPS 103 may be the size of a USB flash drive and can be easily kept by the owner at all times for portability and security.
  • Linux version 2.6.28.2 may be used as the OS for the SPS 103
  • an ARM 9 processor may be used as the SPS processor.
  • An NXP LPC3131 development board may be used for the components in the SPS 103 .
  • the USB port 104 may be used as the interface between the ARM 9 processor and the host PC 100 as shown in FIG. 1 .
  • the USB on the SPS 103 may be a composite USB device with both a CD-ROM component, which may install the PC application, and a CDC Ethernet class component, which may facilitate communication between the ARM 9 processor and the virtual display, input devices, and networking of the host PC 100 .
  • FIG. 2 illustrates the software stack for the SPS 103 .
  • the SPS 103 may contain only the processor, a memory, and a smart chip 208 .
  • the smart chip 208 may be used to store the key and the data encryption algorithm.
  • an SPS application 201 and encryption and tunneling software 202 may interface with a network port 204 , a virtual display and virtual input 205 , and input/output 206 via an operating system 203 .
  • the smart chip 208 may interface directly with the input/output 206 to ensure encrypted data transmission.
  • a composite USB device 214 may connect the SPS 103 with the PC 100 .
  • the network port 204 may contain a firewall.
  • the network port 204 may communicate with the PC 100 via the composite USB device 214 via TCP/IP 217 .
  • the virtual display and virtual input 205 may communicate with the PC 100 via the composite USB device 214 via a virtual display and virtual input packet 216 , respectively.
  • the host PC virtual screen application 207 may communicate with the PC 100 via the composite USB device 214 via a USB CD-ROM image 215 .
  • the PC operating system 212 may direct the PC input devices 213 to transmit data via the composite USB device 214 to the virtual input 205 on the SPS 103 .
  • the PC operating system 212 may direct the PC network software and/or hardware 210 to transmit and receive data via the composite USB device 214 to and from the TCP/IP 217 on the SPS 103 .
  • the PC operating system 212 may direct the virtual screen application 211 to receive data via the composite USB device 214 from the host PC virtual screen application 217 on the SPS 103 .
  • the SPS 103 may not contain a display, so there may be a need to display the UI for the OS 203 and the application 201 running on it. This may be accomplished by opening a window 102 in the host PC 100 to display the display buffer of the SPS screen. This process is covered and explained by patent U.S. patent application Ser. No. 12/386,211 for “System and Method for Implementing a Remote Display Using a Virtualization Technique,” which is incorporated fully by reference herein.
  • FIG. 3 illustrates one embodiment of the software stack for transferring the virtual screen on the secure process stick 103 to the PC 100 using an application. In this way, only display pixels may be transferred from the SPS 103 to the host PC's Virtual Display Device slave application 211 without necessarily communicating other information or data to the host PC 100 .
  • FIG. 3 illustrates a prototype setup of the virtual display on the SPS 103 interfacing with a PC 100 .
  • the software on the SPS 103 may exist in layers, with a Virtual Display Device protocol master 301 and an application 201 interfacing through a runtime environment 302 a graphic engine layer 303 , and an operating system 203 with a high speed data interface device driver 304 and a virtual display device core 305 .
  • the high speed data interface device driver 304 may communicate with the PC 100 using the USB hardware 306 via the USB connection 310 .
  • the PC 100 may have a virtual display device slave application 307 that runs on an operating system 212 .
  • the operating system 212 may interface with a USB driver 308 have a USB device 309 that communicates with the SPS 103 .
  • the virtual display device slave application 307 may receive display information from the virtual display device protocol master 301 via the USB connection 310 .
  • the SPS 103 may establish network access with a network bridge between the host PC network 210 to the outside world through a USB CDC/Ethernet port. There may be a firewall on the front end of the SPS network port 204 to block direct access of the file system or data on the SPS OS 203 . To enhance security, the SPS 103 may only access the outside world via a VPN or other encrypted server. In this way, the host PC 100 may not have access to any unencrypted data from the SPS 103 passing through its network port.
  • the primary use of the smart chip 208 may be to store keys or passwords used by the SPS 103 .
  • the smart chip 208 may also contain the encryption and decryption algorithm used for the data/file system and network access.
  • the host PC 100 may run an operating system 212 such as Windows XP, Windows Vista, or a Mac OS, but is not limited to these operating systems.
  • the SPS 103 may be in a USB form factor. In another aspect, this USB SPS 103 may be connected to any USB port 104 on a host PC that may even be booted up.
  • the SPS 103 may be a composite USB device containing a CDC/Ethernet class component and a CD-ROM component. The application stored in the CD-ROM component 207 may auto-run when the SPS 103 is connected to the host PC 100 .
  • This application 207 may open up a window 102 on the host PC screen 101 and set up the network bridge 217 between the host PC 100 and the SPS 103 .
  • the SPS OS 203 may show the boot up screen for the SPS 103 in the window 102 on the host PC screen 101 .
  • Matchbox may be used as the desktop GUI 302 on the SPS 103 .
  • Password challenges may function as a process for login to gain access to the SPS 103 .
  • the host PC mouse cursor and keyboard input 213 may be transferred to the SPS OS 203 to navigate and launch a program in the SPS file system.
  • a network connection to the outside world may be established either via VPN or an encrypted link to a secure server.
  • a web browser or application may use the secure network to communicate with the outside world.
  • the host PC 100 may see the SPS 103 as a network device, but the SPS device 103 will be blocked by a firewall on the SPS network connection 204 . No files or data may be transferred between the SPS 103 and the host PC 100 with a firewall enabled on the SPS network connection 204 .
  • the SPS 103 may enable TV, digital photo frame, or other display device 401 functionality with web connectivity or a network application like email, messaging applications, and even games with or without the smart chip 208 .
  • the SPS 103 may communicate with a display device 401 via a USB hub 407 on the display device 401 . This may be accomplished by implementing the VDD Slave for the SPS display 404 and displaying it on the display device 402 .
  • Input from the user may be accomplished by receiving IR remote instructions via a remote sensor 406 , where a VID protocol slave application 405 sends the instructions of the IR remote to the SPS OS 203 .
  • Network connectivity may be achieved using a wireless, Ethernet, or USB device connection 403 , but is not limited to these.
  • a USB network device may only require a standard driver to be installed in the SPS OS 203 .
  • FIG. 4 illustrates the block diagram for web connectivity or network applications.
  • FIG. 5 illustrates how a modular PC system 500 using standard USB devices can be built.
  • a Linux OS may be installed, requiring standard Linux drivers for the USB devices to make them work together as a modular PC 500 .
  • the SPS 103 may be the USB host device.
  • the SPS 103 may connect to a USB hub 407 .
  • the USB hub 407 may be connected to a network device 403 , a keypad 505 , a mouse 504 , other USB devices 503 , and a USB connection to a display 502 .
  • the USB connection to a display 502 may join a monitor 501 to the SPS 103 via the USB hub 407 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Systems and methods for implementing a secure processor stick are described. In one aspect, the system for implementing a secure processor stick with a computer, the system comprising: a secure processor stick, including: a processor; a memory coupled to said processor; a smart chip coupled to said processor, said smart chip storing data for implementing a secure environment; and an operating system adapted to run on said memory and said processor, wherein said operating system is adapted to provide a secure environment for display on a computer using said data.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to U.S. Provisional Patent Applications Ser. Nos. 61/206,454, 61/206,453, and 61/206,427, filed Jan. 30, 2009, and U.S. Provisional Patent Application Ser. No. 61/206,797, filed Feb. 4, 2009, the disclosures of which are incorporated herein by reference. This application also claims priority to U.S. patent applications Ser. Nos. 12/386,208, 12/386,210, 12/386,211, 12/386,212 and 12/386,213, filed Apr. 14, 2009, the disclosures of which are incorporated herein by reference.
    • FIELD OF THE INVENTION
  • The invention relates to running secure processes or applications in a secure environment on a secure processor stick for display on a PC without using or leaving traces in the PC memory.
    • BACKGROUND OF THE INVENTION
  • In the present PC environment, viruses, spyware and malware may be present in PCs, which may compromise valuable data or transactions. USB devices like secure token may perform cryptography, secure key generation and storage. However, secure tokens still require the application to be run on the PC with the plan information and data to access this feature and this leave the plain information and data before encryption vulnerable to attack.
  • IBM's USB secure stick, the Zone Trusted Information Channel, has an on-board processor used to create a secure socket layer (“SSL”) channel, but not for running a secure application. The application is still using the host PC memory and leaves a memory trace on the host PC that is vulnerable to a virus or spyware attack.
  • Penprotect software for a host PC uses encryption to protect files within a USB flash drive, flash memory, or USB stick. But Penprotect software does not protect the encrypted files once they are decrypted and running on the host PC. Furthermore, the same encrypted files stored in the USB memory stick require Penprotect software to be installed on another PC before they can be accessed, so the encrypted files are not portable.
  • Livetoken is a USB drive with a Linux OS and a secure chip installed on it to store the keys and passwords. However, Livetoken's design requires the host PC to be rebooted to run the OS on the USB drive. Furthermore, the Linux OS is very dependent on the host PC hardware configuration, and will not work on any other host PC.
  • U3 technology from Sandisk allows a portable application in a USB flash drive to be used only on a Windows XP or Windows Vista PC. This provides only application portability, but not security for the application and data execution on the host PC because U3 technology uses the host PC memory to execute the portable application. This leaves the U3 technology open for attack from a virus or spyware.
    • SUMMARY OF THE INVENTION
  • This disclosure describes a secure processor stick (“SPS”) for use with a computer. The SPS may provide a secure processing environment in any computer environment, including but not limited to an unsecured environment like a virus infected system or a cyber café. The secure application to be run securely is executed in the SPS's processor and memory; it does not make use of the host PC memory and does not leave any memory traces in the host PC.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • Features and other aspects of embodiments of the present invention are explained in the following description taking in conjunction with the accompanying drawings, wherein:
  • FIG. 1 illustrates a schematic diagram showing the interface between the SPS and the host PC according to an embodiment of the invention;
  • FIG. 2 illustrates a block diagram showing the software stack for the SPS according to an embodiment of the invention;
  • FIG. 3 illustrates a block diagram showing the software stack for transferring the virtual screen on the secure process stick to the host PC according to an embodiment of the invention;
  • FIG. 4 illustrates a block diagram showing the block diagram for web connectivity or network applications according to an embodiment of the invention; and
  • FIG. 5 illustrates a block diagram showing how a modular PC system using standard USB devices can be built according to an embodiment of the invention.
    •  DETAILED DESCRIPTION
  • Various embodiments of the present invention will now be described in greater detail with reference to the drawings.
  • As shown in FIG. 1, an example of a secure processor stick 103 may interface with a PC 100 via a USB port 104. As used herein, the PC may be a laptop, palmtop, netbook, notebook, desktop, or any other general-purpose computer having a port capable of interfacing with an SPS. Once connected, the secure processor stick 103 may display a virtual display 102 on the PC screen 101. The connection to the host PC 100 may be made by USB 104, firewire, or any network connection to the host PC 100. SPS network connectivity may be provided by the host PC 100 through a TCP/IP bridge on the USB port 104 where the SPS 103 accesses the network using VPN, SSL or encryption. The UI/Display for the SPS OS and application may be displayed as a window on the host PC screen 101 in a window 102. The screen/UI may be transferred from a virtual screen bitmap in the SPS 103 to the host PC 100 window via USB 104. The process/application running on the SPS 103 may not leave raw data on the host PC 100, and there may not be a memory trace on the host PC 100 from the application/process running. A firewall on the SPS 103 may restrict the access only to a VPN or secure host. A host PC 100 may have no access to the SPS files or data. The data and files on the SPS 103 may be secure and may be encrypted using a smart chip for added security. The SPS 103 may be the size of a USB flash drive and can be easily kept by the owner at all times for portability and security.
  • Linux version 2.6.28.2 may be used as the OS for the SPS 103, and an ARM 9 processor may be used as the SPS processor. An NXP LPC3131 development board may be used for the components in the SPS 103. The USB port 104 may be used as the interface between the ARM 9 processor and the host PC 100 as shown in FIG. 1. The USB on the SPS 103 may be a composite USB device with both a CD-ROM component, which may install the PC application, and a CDC Ethernet class component, which may facilitate communication between the ARM 9 processor and the virtual display, input devices, and networking of the host PC 100.
  • FIG. 2 illustrates the software stack for the SPS 103. The SPS 103 may contain only the processor, a memory, and a smart chip 208. The smart chip 208 may be used to store the key and the data encryption algorithm. Within the SPS 103, an SPS application 201 and encryption and tunneling software 202 may interface with a network port 204, a virtual display and virtual input 205, and input/output 206 via an operating system 203. The smart chip 208 may interface directly with the input/output 206 to ensure encrypted data transmission. A composite USB device 214 may connect the SPS 103 with the PC 100. The network port 204 may contain a firewall. The network port 204 may communicate with the PC 100 via the composite USB device 214 via TCP/IP 217. The virtual display and virtual input 205 may communicate with the PC 100 via the composite USB device 214 via a virtual display and virtual input packet 216, respectively. The host PC virtual screen application 207 may communicate with the PC 100 via the composite USB device 214 via a USB CD-ROM image 215. On the PC 100, the PC operating system 212 may direct the PC input devices 213 to transmit data via the composite USB device 214 to the virtual input 205 on the SPS 103. In another aspect, the PC operating system 212 may direct the PC network software and/or hardware 210 to transmit and receive data via the composite USB device 214 to and from the TCP/IP 217 on the SPS 103. In another aspect, the PC operating system 212 may direct the virtual screen application 211 to receive data via the composite USB device 214 from the host PC virtual screen application 217 on the SPS 103.
    • User Interface (UI) and Display
  • The SPS 103 may not contain a display, so there may be a need to display the UI for the OS 203 and the application 201 running on it. This may be accomplished by opening a window 102 in the host PC 100 to display the display buffer of the SPS screen. This process is covered and explained by patent U.S. patent application Ser. No. 12/386,211 for “System and Method for Implementing a Remote Display Using a Virtualization Technique,” which is incorporated fully by reference herein. FIG. 3 illustrates one embodiment of the software stack for transferring the virtual screen on the secure process stick 103 to the PC 100 using an application. In this way, only display pixels may be transferred from the SPS 103 to the host PC's Virtual Display Device slave application 211 without necessarily communicating other information or data to the host PC 100.
  • FIG. 3 illustrates a prototype setup of the virtual display on the SPS 103 interfacing with a PC 100. The software on the SPS 103 may exist in layers, with a Virtual Display Device protocol master 301 and an application 201 interfacing through a runtime environment 302 a graphic engine layer 303, and an operating system 203 with a high speed data interface device driver 304 and a virtual display device core 305. The high speed data interface device driver 304 may communicate with the PC 100 using the USB hardware 306 via the USB connection 310. The PC 100 may have a virtual display device slave application 307 that runs on an operating system 212. The operating system 212 may interface with a USB driver 308 have a USB device 309 that communicates with the SPS 103. In one embodiment, the virtual display device slave application 307 may receive display information from the virtual display device protocol master 301 via the USB connection 310.
    • User Interface (UI) and Keyboards, Mice, and Other Inputs
  • When the mouse is clicked on the virtual display from the SPS window 102, the mouse and keyboard input may be automatically transferred to the OS 203 running on the SPS 103. The mouse cursor movement may be locked within the window of the virtual screen 102. The cursor and keyboards may be released back to other host PC programs or the host PC OS 212 by hitting the Escape key. This process is covered and explained by patent U.S. patent application Ser. No. 12/386,210 for “System and Method for Implementing a Remote Input Device Using Virtualization Techniques for a Wireless Device,” which is incorporated fully by reference herein.
    • Network Access
  • The SPS 103 may establish network access with a network bridge between the host PC network 210 to the outside world through a USB CDC/Ethernet port. There may be a firewall on the front end of the SPS network port 204 to block direct access of the file system or data on the SPS OS 203. To enhance security, the SPS 103 may only access the outside world via a VPN or other encrypted server. In this way, the host PC 100 may not have access to any unencrypted data from the SPS 103 passing through its network port.
    • The Smart Chip Device on the SPS
  • The primary use of the smart chip 208 may be to store keys or passwords used by the SPS 103. The smart chip 208 may also contain the encryption and decryption algorithm used for the data/file system and network access.
    • Usage Model of the SPS with a PC
  • The host PC 100 may run an operating system 212 such as Windows XP, Windows Vista, or a Mac OS, but is not limited to these operating systems. In one aspect of the present invention, the SPS 103 may be in a USB form factor. In another aspect, this USB SPS 103 may be connected to any USB port 104 on a host PC that may even be booted up. The SPS 103 may be a composite USB device containing a CDC/Ethernet class component and a CD-ROM component. The application stored in the CD-ROM component 207 may auto-run when the SPS 103 is connected to the host PC 100. This application 207 may open up a window 102 on the host PC screen 101 and set up the network bridge 217 between the host PC 100 and the SPS 103. The SPS OS 203, may show the boot up screen for the SPS 103 in the window 102 on the host PC screen 101. Matchbox may be used as the desktop GUI 302 on the SPS 103. Password challenges may function as a process for login to gain access to the SPS 103. The host PC mouse cursor and keyboard input 213 may be transferred to the SPS OS 203 to navigate and launch a program in the SPS file system. A network connection to the outside world may be established either via VPN or an encrypted link to a secure server. A web browser or application may use the secure network to communicate with the outside world. The host PC 100 may see the SPS 103 as a network device, but the SPS device 103 will be blocked by a firewall on the SPS network connection 204. No files or data may be transferred between the SPS 103 and the host PC 100 with a firewall enabled on the SPS network connection 204.
    • Other Usage of the SPS
  • The SPS 103 may enable TV, digital photo frame, or other display device 401 functionality with web connectivity or a network application like email, messaging applications, and even games with or without the smart chip 208. In one embodiment, the SPS 103 may communicate with a display device 401 via a USB hub 407 on the display device 401. This may be accomplished by implementing the VDD Slave for the SPS display 404 and displaying it on the display device 402. Input from the user may be accomplished by receiving IR remote instructions via a remote sensor 406, where a VID protocol slave application 405 sends the instructions of the IR remote to the SPS OS 203. Network connectivity may be achieved using a wireless, Ethernet, or USB device connection 403, but is not limited to these. A USB network device may only require a standard driver to be installed in the SPS OS 203. FIG. 4 illustrates the block diagram for web connectivity or network applications.
  • Another application of the SPS 103 may be to build a modular PC 500 using standard USB devices. FIG. 5 illustrates how a modular PC system 500 using standard USB devices can be built. A Linux OS may be installed, requiring standard Linux drivers for the USB devices to make them work together as a modular PC 500. In this aspect, the SPS 103 may be the USB host device. In one embodiment, the SPS 103 may connect to a USB hub 407. In further embodiments, the USB hub 407 may be connected to a network device 403, a keypad 505, a mouse 504, other USB devices 503, and a USB connection to a display 502. The USB connection to a display 502 may join a monitor 501 to the SPS 103 via the USB hub 407.
  • Although a particular embodiment has been described, this was for the purpose of illustrating, but not limiting, the invention. Various alternative embodiments, which will come readily to the mind of the person skilled in the art, are within the scope of the invention as defined by the appended claims.

Claims (2)

1-28. (canceled)
29. A system for implementing a secure processor stick with a computer, the system comprising:
a secure processor stick, including:
a processor;
a memory coupled to said processor;
a smart chip coupled to said processor, said smart chip storing data for implementing a secure environment; and
an operating system adapted to run on said memory and said processor, wherein said operating system is adapted to provide a secure environment for display on a computer using said data.
US13/722,577 2009-01-30 2012-12-20 Method for implementing and application of a secure processor stick (SPS) Abandoned US20130111128A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US13/722,577 US20130111128A1 (en) 2009-01-30 2012-12-20 Method for implementing and application of a secure processor stick (SPS)
US13/788,027 US8694695B2 (en) 2009-01-30 2013-03-07 System and method for remotely operating a wireless device using a server and client architecture
US14/246,167 US9414433B2 (en) 2009-01-30 2014-04-07 System and method for remotely operating a wireless device using a server and client architecture

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US20645409P 2009-01-30 2009-01-30
US12/386,212 US8396992B2 (en) 2009-01-30 2009-04-14 System and method for virtualizing the peripherals in a terminal device to enable remote management via removable portable media with processing capability
US12/386,208 US8442509B2 (en) 2009-01-30 2009-04-14 System and method for managing a wireless device from removable media with processing capability
US12/386,210 US20100199008A1 (en) 2009-01-30 2009-04-14 System and method for implementing a remote input device using virtualization techniques for wireless device
US12/386,213 US8254903B2 (en) 2009-01-30 2009-04-14 System and method for remotely operating a wireless device using a server and client architecture
US12/386,211 US8477082B2 (en) 2009-01-30 2009-04-14 System and method for implementing a remote display using a virtualization technique
US12/660,723 US8341087B2 (en) 2010-03-03 2010-03-03 Method for implementing and application of a secure processor stick (SPS)
US13/722,577 US20130111128A1 (en) 2009-01-30 2012-12-20 Method for implementing and application of a secure processor stick (SPS)

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/660,723 Continuation US8341087B2 (en) 2009-01-30 2010-03-03 Method for implementing and application of a secure processor stick (SPS)

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/788,027 Continuation US8694695B2 (en) 2009-01-30 2013-03-07 System and method for remotely operating a wireless device using a server and client architecture

Publications (1)

Publication Number Publication Date
US20130111128A1 true US20130111128A1 (en) 2013-05-02

Family

ID=44532266

Family Applications (4)

Application Number Title Priority Date Filing Date
US12/660,723 Expired - Fee Related US8341087B2 (en) 2009-01-30 2010-03-03 Method for implementing and application of a secure processor stick (SPS)
US13/722,577 Abandoned US20130111128A1 (en) 2009-01-30 2012-12-20 Method for implementing and application of a secure processor stick (SPS)
US13/788,027 Expired - Fee Related US8694695B2 (en) 2009-01-30 2013-03-07 System and method for remotely operating a wireless device using a server and client architecture
US14/246,167 Expired - Fee Related US9414433B2 (en) 2009-01-30 2014-04-07 System and method for remotely operating a wireless device using a server and client architecture

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US12/660,723 Expired - Fee Related US8341087B2 (en) 2009-01-30 2010-03-03 Method for implementing and application of a secure processor stick (SPS)

Family Applications After (2)

Application Number Title Priority Date Filing Date
US13/788,027 Expired - Fee Related US8694695B2 (en) 2009-01-30 2013-03-07 System and method for remotely operating a wireless device using a server and client architecture
US14/246,167 Expired - Fee Related US9414433B2 (en) 2009-01-30 2014-04-07 System and method for remotely operating a wireless device using a server and client architecture

Country Status (2)

Country Link
US (4) US8341087B2 (en)
CN (1) CN102195966A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150091555A1 (en) * 2013-09-30 2015-04-02 Tsinghua University Apparatus for detecting magnetic flux leakage signals
US20160178580A1 (en) * 2014-12-19 2016-06-23 Tsinghua University Method and apparatus for quantifying pipeline defect based on magnetic flux leakage testing

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7990724B2 (en) 2006-12-19 2011-08-02 Juhasz Paul R Mobile motherboard
US8341087B2 (en) * 2010-03-03 2012-12-25 Cassis International Pte Ltd Method for implementing and application of a secure processor stick (SPS)
FR2973185B1 (en) * 2011-03-22 2013-03-29 Sagem Defense Securite METHOD AND DEVICE FOR CONNECTING TO A HIGH SECURITY NETWORK
KR101873530B1 (en) * 2012-04-10 2018-07-02 삼성전자주식회사 Mobile system, method of processing an input in a mobile system, and electronic payment method using a mobile system
CN105339918B (en) 2013-06-28 2020-08-11 惠普发展公司,有限责任合伙企业 Attached computing device
US10423564B2 (en) 2013-07-03 2019-09-24 Hewlett-Packard Development Company, L.P. Universal serial bus data routing
CN103632090B (en) * 2013-11-04 2016-06-08 天津汉柏信息技术有限公司 A kind of virtual machine runs the method for virtual firewall
DE102013021935A1 (en) * 2013-12-20 2015-06-25 Giesecke & Devrient Gmbh Method and apparatus for using a security element with a mobile terminal
US10275370B2 (en) * 2015-01-05 2019-04-30 Google Llc Operating system dongle
CN105224087A (en) * 2015-10-14 2016-01-06 联想(北京)有限公司 A kind of information processing method and the first electronic equipment
US10412191B1 (en) * 2016-03-30 2019-09-10 Amazon Technologies, Inc. Hardware validation
CA2974397A1 (en) * 2016-07-26 2018-01-26 Nathan Meor 911 training system
US10216673B2 (en) * 2017-01-16 2019-02-26 International Business Machines Corporation USB device firmware sanitization
US11520939B2 (en) 2017-03-17 2022-12-06 International Business Machines Corporation Protecting computer systems from malicious USB devices via a USB firewall
CN109819201A (en) * 2019-03-08 2019-05-28 厦门亿联网络技术股份有限公司 A kind of meeting secondary flow data transmission method, display methods, conference system and peripheral equipment
EP3949429A4 (en) * 2019-06-26 2022-04-06 Samsung Electronics Co., Ltd. DISPLAY APPARATUS AND METHOD OF OPERATING IT
CN113238715B (en) * 2021-06-03 2022-08-30 上海新氦类脑智能科技有限公司 Intelligent file system, configuration method thereof, intelligent auxiliary computing equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070073937A1 (en) * 2005-09-15 2007-03-29 Eugene Feinberg Content-Aware Digital Media Storage Device and Methods of Using the Same
US20070124536A1 (en) * 2005-11-09 2007-05-31 Electronic Plastics, Llc Token device providing a secure work environment and utilizing a virtual interface

Family Cites Families (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2317246B (en) 1996-09-13 2001-08-08 Orange Personal Comm Serv Ltd Data store
JP3045985B2 (en) * 1997-08-07 2000-05-29 インターナショナル・ビジネス・マシーンズ・コーポレイション Connection establishment method, communication method, state change transmission method, state change execution method, wireless device, wireless device, and computer
JP3685931B2 (en) 1998-07-31 2005-08-24 株式会社ソニー・コンピュータエンタテインメント Information processing apparatus startup method, storage medium, and information processing apparatus
US6269254B1 (en) 1998-09-28 2001-07-31 Motorola, Inc. Radio communications device and method with API between user application program and telephony program and method
US6405278B1 (en) * 1999-05-20 2002-06-11 Hewlett-Packard Company Method for enabling flash memory storage products for wireless communication
US7278142B2 (en) * 2000-08-24 2007-10-02 Veritas Operating Corporation Dynamic computing environment using remotely allocable resources
US6970891B1 (en) * 2000-11-27 2005-11-29 Microsoft Corporation Smart card with volatile memory file subsystem
JP2002329180A (en) * 2001-04-27 2002-11-15 Toshiba Corp Memory card having wireless communication function and data communication method thereof
EP1469396A4 (en) * 2001-12-29 2005-03-23 Tai Guen Entpr Co Ltd A portable data conversion processor with standard data port
US20040162804A1 (en) 2003-02-18 2004-08-19 Michael Strittmatter System and method for searching for wireless devices
US7403300B2 (en) 2003-03-21 2008-07-22 Toshiba Corporation Wireless wide area network printing
FR2854261B1 (en) 2003-04-28 2005-07-08 Ucopia Comm METHOD FOR EXECUTING A SOFTWARE APPLICATION THROUGH A SOFTWARE PRIMER PROGRAM AND COMPUTER ARCHITECTURE FOR THE IMPLEMENTATION OF THE METHOD
US7409477B2 (en) * 2003-09-03 2008-08-05 Hewlett-Packard Development Company, L.P. Memory card having a processor coupled between host interface and second interface wherein internal storage code provides a generic interface between host interface and processor
CN1561124A (en) 2004-02-19 2005-01-05 Mobile phone short message autonomous control method
DE202004020819U1 (en) 2004-11-30 2006-04-06 Power Digital Card Co., Ltd., Banchiau Memory card for wireless data transmission has a PCB with a microprocessor and a conducting wire connected to an aerial which is glued to the PCB surface in an electrically conducting manner
EP1798943A1 (en) * 2005-12-13 2007-06-20 Axalto SA SIM messaging client
US8028040B1 (en) * 2005-12-20 2011-09-27 Teradici Corporation Method and apparatus for communications between a virtualized host and remote devices
US7587536B2 (en) 2006-07-28 2009-09-08 Icron Technologies Corporation Method and apparatus for distributing USB hub functions across a network
US20080139195A1 (en) * 2006-12-07 2008-06-12 David John Marsyla Remote access for mobile devices
CN101256609B (en) * 2007-03-02 2010-09-08 群联电子股份有限公司 memory card and security method thereof
US7925802B2 (en) * 2007-06-21 2011-04-12 Seamicro Corp. Hardware-based virtualization of BIOS, disks, network-interfaces, and consoles using a direct interconnect fabric
TWI334083B (en) 2007-06-27 2010-12-01 Avermedia Tech Inc Television card with remote control module
US8442521B2 (en) * 2007-09-04 2013-05-14 Apple Inc. Carrier configuration at activation
GB2456001A (en) * 2007-12-28 2009-07-01 Symbian Software Ltd Storage device having a single file allocation table
CN101231725B (en) * 2008-01-23 2013-03-27 深圳兆日科技股份有限公司 Interface conversion equipment and method communicating with computing electronic payment secret code safety device
US7826841B2 (en) * 2008-02-11 2010-11-02 Wei Lu Open wireless architecture virtualization system for wireless mobile terminal device
WO2010086714A1 (en) 2009-01-30 2010-08-05 Cassis International Pte Ltd System and method for remotely operating a wireless device using a server and client architecture
WO2010086731A1 (en) 2009-01-30 2010-08-05 Cassis International Pte Ltd System and method for virtualizing the peripherals in a terminal device to enable remote management via removable portable media with processing capability
US20100199008A1 (en) * 2009-01-30 2010-08-05 Kwang Wee Lee System and method for implementing a remote input device using virtualization techniques for wireless device
US8254903B2 (en) * 2009-01-30 2012-08-28 Cassis International Pte. Ltd. System and method for remotely operating a wireless device using a server and client architecture
US8341087B2 (en) * 2010-03-03 2012-12-25 Cassis International Pte Ltd Method for implementing and application of a secure processor stick (SPS)
WO2010086711A2 (en) 2009-01-30 2010-08-05 Cassis International Pte Ltd System and method for implementing a remote display using a virtualization technique
WO2010086712A2 (en) 2009-01-30 2010-08-05 Cassis International Pte Ltd System and method for managing a wireless device from removable media with processing capability

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070073937A1 (en) * 2005-09-15 2007-03-29 Eugene Feinberg Content-Aware Digital Media Storage Device and Methods of Using the Same
US20070124536A1 (en) * 2005-11-09 2007-05-31 Electronic Plastics, Llc Token device providing a secure work environment and utilizing a virtual interface

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150091555A1 (en) * 2013-09-30 2015-04-02 Tsinghua University Apparatus for detecting magnetic flux leakage signals
US20160178580A1 (en) * 2014-12-19 2016-06-23 Tsinghua University Method and apparatus for quantifying pipeline defect based on magnetic flux leakage testing

Also Published As

Publication number Publication date
US9414433B2 (en) 2016-08-09
US20130185351A1 (en) 2013-07-18
US20140223033A1 (en) 2014-08-07
CN102195966A (en) 2011-09-21
US8694695B2 (en) 2014-04-08
US20110219148A1 (en) 2011-09-08
US8341087B2 (en) 2012-12-25

Similar Documents

Publication Publication Date Title
US8341087B2 (en) Method for implementing and application of a secure processor stick (SPS)
US10699005B2 (en) Techniques for controlling and regulating network access on air-gapped endpoints
US8627414B1 (en) Methods and apparatuses for user-verifiable execution of security-sensitive code
CN102411693B (en) Inherited product activation for virtual machines
US8615656B2 (en) Secure remote peripheral encryption tunnel
CN101350044B (en) A method for building trust in a virtual environment
JP5976564B2 (en) Security enhanced computer system and method
US11599675B2 (en) Detecting data leakage to websites accessed using a remote browsing infrastructure
KR102403138B1 (en) Method for privileged mode based secure input mechanism
US20090319782A1 (en) Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
US20220004623A1 (en) Managed isolated workspace on a user device
CN105814576A (en) Automatic strong identity generation for cluster nodes
US9331906B1 (en) Compartmentalization of the user network interface to a device
WO2017052944A1 (en) Provable traceability
JP2008097575A (en) Authentication password storage method, generation method, user authentication method, and computer
JP5799399B1 (en) Virtual communication system
US11150936B2 (en) Techniques for binding user identities to appropriate virtual machines with single sign-on
JP5548095B2 (en) Virtual control program, information processing apparatus, and virtual control method
US11153322B2 (en) Techniques for seamlessly launching applications in appropriate virtual machines
Steinmetz USB-an attack surface of emerging importance
Banga et al. Trustworthy computing for the cloud-mobile era: A leap forward in systems architecture
US20250097200A1 (en) User space firewall manager
EP4568179A1 (en) User space firewall manager
Plaga et al. Secure your SSH Keys! Motivation and Practical Implementation of a HSM-based Approach Securing Private SSH-Keys
Main et al. Hedwig:​ Secure dialup service with strong per-user sandbox

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION