JP6138224B1 - Interface security system, peripheral device connection method, electronic device, and computer program - Google Patents

Abstract

An electronic device capable of preventing unauthorized access by a peripheral device is provided. A bus switch is inserted into a data line formed between a USB receptacle and a USB controller. When the switch controller 107 detects the connection of a peripheral device to the USB receptacle 300, the security manager 61 of the host system 103 detects the current location of the electronic device. The security manager refers to the location list 63 and determines the security risk of the location. The security manager does not allow the connection of the bus switch when a peripheral device is connected in a place with high security risk such as a public place, but allows charging through the Vbus line. Therefore, charging can be performed while preventing intrusion of malware from peripheral devices. [Selection] Figure 2

Description

  The present invention relates to a technique for improving data security of an electronic device equipped with an interface for connecting peripheral devices.

  Computers such as laptop computers and tablet terminals are equipped with USB (Universal Serial Bus) standard receptacles for connecting devices such as a keyboard, mouse, printer, or hard disk drive (HDD). In the USB interface, a computer operating as a host (source) or a dedicated charger can supply charging power to a peripheral device operating as a device (sink) through a power line called Vbus.

  Until now, charging services using USB ports have been provided in public places such as airports and cafes for portable electronic devices such as tablet terminals and smartphones with relatively low charging power. Recently, a USB standard called Type-C that can supply charging power up to 100 W has been announced (Non-Patent Document 1). In the future, charging services through a USB port will be started in public places even for laptop computers with large charging power.

  Incidentally, a USB controller that realizes a USB interface includes a flash memory that stores a CPU and firmware. Since such firmware is technically rewritable, it may be rewritten by an attacker who intends to cheat. For example, there is a possibility that firmware of a USB controller that provides a charging service in a public place is rewritten to emulate a virtual keyboard, and an input for extracting confidential information is inadvertently connected to a computer.

  Patent Document 1 discloses an information processing apparatus that detects a device class of a connected USB device and disables information input from the USB device when input from the USB device is not permitted. This document describes that neutralization is achieved by clearing input information stored in a buffer memory. Patent Document 2 discloses a security device that relays an I / O port such as USB or SATA of a control network device to prevent intrusion of malware from the outside. In this document, when I / O occurs from the device to be controlled to the original storage, access is restricted according to the security information read from the corresponding I / O block of the additional storage by the security device. Or confirming with the user.

JP 2013-242632 A JP2015-52951A

Universal Serial Bus Type-C Cable and Connector Specification, Revision 1.1 April 3, 2015, [online], USB Implementers Forum, Inc., [searched November 30, 2015], Internet <URL: http: // www. usb.org/developers/usbtypec/>

  With respect to malware intrusion from the network that occurs regardless of the user's intention, the computer can ensure the security with anti-Wales countermeasure software. However, since unauthorized firmware is executed by a peripheral device outside the computer and the computer recognizes that the user has input through a regular keyboard, it is difficult to detect unauthorized access through the peripheral device. Further, the connection of the peripheral device to the USB receptacle is intentionally performed by the user, and the convenience of the computer is lowered when an excessive security measure is taken. Therefore, despite the fact that data security risks due to the connection of peripheral devices have been pointed out, sufficient security measures have not been taken so far.

  An attacker can skillfully embed malware by rewriting the firmware implemented by the USB controller of the peripheral device. In some cases, a USB port that has been tampered with in order to eavesdrop on confidential information in public places may be offered as a charging service. In some cases, the USB memory may be sent as if it were lost, and the employee may be implicitly prompted to connect to the computer. Security measures need to assume that an attacker has the potential to modify any unprotected area, including peripheral device identifiers (IDs).

  In the method of permitting connection after recognizing the device class of the connected USB device as in the prior art, malware may invade through the data path before the connection is permitted. An attacker can also create fraudulent peripherals that impersonate a device class. Furthermore, in the method in which the host system of the computer authenticates the peripheral device, there is a possibility of being infected with malware in the authentication process.

  In particular, laptop computers that often store sensitive information can cause serious problems for corporate data security. The most reliable security measure is not to connect an unreliable peripheral device to the USB port. In this case, however, the convenience of the USB interface for charging the computer or exchanging data is significantly reduced. The present invention provides a technique for ensuring data security while maintaining the convenience of a user who uses a peripheral device.

  Therefore, an object of the present invention is to provide an electronic device that can prevent unauthorized access by a peripheral device. A further object of the present invention is to provide an electronic device capable of preventing intrusion of malware from a peripheral device having a charging function. A further object of the present invention is to provide a method and a security system for connecting peripheral devices while preventing unauthorized access.

  The present invention relates to an electronic device capable of connecting peripheral devices. The electronic device includes a connector for connecting peripheral devices, an interface controller for controlling data transfer between the host system and the peripheral devices, and a bus switch inserted in a data line between the connector and the interface controller. And a switch controller for controlling the bus switch based on information on the safety of data transfer with the peripheral device.

  According to the above configuration, even if the peripheral device is connected to the connector, the data channel is not established until the safety of the switch controller is confirmed, so it is possible to prevent malware from entering the host system from the peripheral device and to prevent unauthorized access. It can be prevented. If configured to receive charging power from peripheral devices through the connector while the bus switch is off, peripheral devices that cannot be verified for safety can be blocked to prevent unauthorized access. Because it can be recharged, the convenience of the interface is improved.

  In the present invention, since unauthorized access to the host system from peripheral devices can be prevented, information related to safety can be generated by the host system. Data security risks related to connection of peripheral devices are closely related to locations where peripheral devices are connected. Peripheral devices that exist in a place that the user can trust, such as home, may determine that there is no security risk. On the other hand, peripheral devices that exist in public places may be considered high security risks. Therefore, the information regarding safety can be configured to include information indicating the location where the electronic device is present, which is registered in advance.

  The switch controller can turn on the bus switch when it is determined that the electronic device is present at the first registered location. For connecting peripheral devices in a safe place, the user is not forced to perform additional operations or the functions of the available interfaces are not deteriorated. There is a trade-off between security risk reduction and convenience.

  When the electronic device is present in the second location where the security risk is higher than that in the first location, safety can be ensured by utilizing the knowledge and attention of the user. Specifically, when the switch controller determines that the electronic device is present in the second location registered in advance, the bus switch can be turned on only when instructed by the user.

  Furthermore, when the switch controller determines that the electronic device does not exist at a predetermined location registered in advance, the switch controller can maintain the bus switch in an OFF state unless an administrator with special authority permits it. When a user needs to connect a peripheral device in such a place, the security risk can be managed as a company by obtaining permission from the administrator in advance.

  If the data transfer to the host system is stopped while the electronic device communicates with the peripheral device at the hardware layer, there is no risk that malware will be sent to the host system. Therefore, information regarding safety can be generated by the electronic device communicating with the peripheral device at the hardware layer. Specifically, when an electronic device has a security chip for authenticating a peripheral device and the peripheral device has a security chip or securely stored credentials, the switch controller is successfully authenticated by the security chip The bus switch can be turned on only when When a data line configures multiple data channels with different communication standards, if the bus switch can disconnect all data channels, it is possible to reliably prevent intrusion of malware from peripheral devices. .

  According to the present invention, an electronic device capable of preventing unauthorized access by a peripheral device can be provided. Furthermore, according to the present invention, it is possible to provide an electronic device capable of preventing intrusion of malware from a peripheral device having a charging function. Furthermore, the present invention can provide a method and a security system for connecting peripheral devices while preventing unauthorized access.

1 is a functional block diagram showing a schematic configuration of a laptop computer 10 to which the present invention can be applied. 2 is a functional block diagram showing a configuration of a USB security system 100. FIG. It is a figure which shows the pin structure of the USB receptacle 300 of Type3 and the USB plug 301 corresponding to it. It is a figure for demonstrating a logical structure when the laptop 10 and the peripheral device 150 perform USB communication. 3 is a flowchart showing an operation procedure of the USB security system 100.

[Definition]
First, special terms used in this specification will be explained. The hardware refers to a logic circuit including only a semiconductor circuit and a processor capable of executing firmware stored in a ROM. The hardware layer refers to a system or processing function located below the environment in which the CPU executes the device driver, OS, and application program.

  “Physically disconnecting” means a process of electrically disconnecting the signal transmission line, and the physical switch corresponds to a means for physically disconnecting. The physical disconnection does not include a process in which software logically prohibits data transfer. The operation of the physical switch may be controlled by either hardware or software. It can be considered that the hardware installed in the computer is highly resistant to malware. When software controls a physical switch, it is necessary to execute the software in an environment in which security is ensured in order to maintain malware resistance of the physical switch. A connector is a generic term for a plug and a receptacle, and is used when it is not necessary to distinguish between the two.

  Peripheral devices refer to all devices that are connected to connectors provided on the housing of the electronic device. Peripheral devices also include a charger with a data communication function. Peripheral devices and electronic devices connected via the USB interface operate as a host (master) and the other as a device (slave) when connected, and one as a sink for receiving power and the other as a source for supplying power. Normally, the device acts as a sink and the host acts as a source, and vice versa.

[Computer]
The present invention can be applied to electronic devices such as desktop computers, laptop computers, tablet terminals, and smartphones. However, portable electronic devices that may connect unspecified peripheral devices at various locations are particularly effective when applied to the present invention because of high security risks. In this specification, a USB standard interface is exemplified as the I / O port, but the present invention can also be applied to other standard interfaces.

  FIG. 1 is a functional block diagram showing a schematic configuration of a laptop computer (laptop) 10 as an example of a portable electronic device. The CPU 11 includes a memory controller and a PCI Express controller, and is connected to the system memory 13, the video card 15, and the chip set 19. An FPD (Flat Panel Display) 17 such as OELD or LCD is connected to the video card 15. Connected to the chip set 19 are an HDD 21, a wireless WAN and a wireless LAN, or a wireless module 25 that performs any communication, a GPS module 27, a bus switch 200, and an embedded controller (EC) 31. In FIG. 1, the power line is drawn with a bold line within the range necessary for the description of the present invention.

  A Type-C USB receptacle 300 is connected to the bus switch 200. The USB receptacle 300 is provided at a position accessible from the outside of the housing. The chip set 19 includes various interface controllers including the USB block 101. A DC / DC converter 33, a battery unit 37, a charger 35, and an input device 39 are connected to the EC 31. The EC 31 is a micro controller that controls electric power and the temperature inside the housing, and controls the input device 39.

[USB security system]
FIG. 2 is a functional block diagram showing a configuration of the USB security system 100, and FIG. 3 is a diagram showing a pin configuration of a USB receptacle 300 of Type 3 and a USB plug 301 of Type 3. The USB security system 100 includes a host system 103, a USB block 101, a bus switch 200, and a USB receptacle 300.

  The USB security system 100 further includes a power switch 109 and a voltage regulator (VR) 111. The host system 103 corresponds to a complex of hardware and software excluding the USB block 101, the bus switch 200, and the USB receptacle 300 from the elements shown in FIG. The software that configures the host system 103 includes a USB driver, an OS, and application programs that are executed by the CPU 11 and is stored in the HDD 21. The host system 103 includes a security manager 61 that is a part of the application program and a location list 63 to which the security manager 61 refers.

  The security manager 61 performs processing related to ensuring safety when the peripheral device 150 (FIG. 4) is connected to the USB receptacle 300 with the USB plug 301. When the peripheral device 150 is connected, the security manager 61 displays a pop-up screen on the FPD 17 according to the security risk, or instructs the switch controller 107 to control the bus switch 200.

  The location list 63 corresponds to a white list that associates the location of the laptop 10 with the risk of malware intrusion from the peripheral device 150. The location list 63 is stored in the HDD 21, and the security manager 61 reads it into the system memory 13 for reference. In one example, in the location list 63, three levels of security levels relating to the safety of data transfer are set according to the location. For example, the user's home is set to the safest security level 1, the office is set to the next safe security level 2, and the rest is set to the dangerous security level 3. The number and location of security levels do not need to be particularly limited, and can be set independently by a company or user.

  In order to create the location list 63, the user takes the SSID or MAC address of the access point of the wireless LAN (WiFi) connected at that time while carrying the laptop 10 to the home or office. 25 and register. Alternatively, position information can be acquired from the GPS module 27 and registered. If the security manager 61 does not correspond to any of the security levels 1 and 2, the security manager 61 can treat the location of the laptop 10 as the security level 3 with the highest security risk.

  The location list 63 can reflect a company security policy. In one example, the data line can be physically blocked for all peripheral devices 150 connected at a security level 3 location. In another example, the location where the data line is blocked from the peripheral device 150 may be created as a black list. If only the administrator who has the security authority of the company can edit the location list 63, the company that distributes the laptop 10 to the employees can manage the security level centrally.

  The USB block 101 includes a USB controller 105 that controls data transfer between the peripheral device 150 and the host system 103, and a switch controller 107 that controls the bus switch 200 and the power switch 109. The USB controller 105 includes a physical layer 105 a, an endpoint pipe control (EPC) 105 b, and an interface 105 c to the higher system 103.

  The physical layer 105a includes a transceiver and a serial interface engine (SIE). The EPC 105b includes a FIFO buffer called a endpoint and a controller. The interface 105c includes a serial / parallel conversion function for data transfer with the host system 103. The switch controller 107 includes a ROM 107a that stores firmware and a micro control unit (MCU) 107b that executes the firmware. The switch controller 107 may include a security chip 107c such as a TPM (Trusted Platform Module) that can authenticate the peripheral device 150 at the hardware layer.

  The bus switch 200 corresponds to a physical switch that routes or physically disconnects two sets of Tx / Rx pins between the USB receptacle 300 and the USB controller 105. The bus switch 200 is controlled by the USB controller 105 or the switch controller 107. In FIG. 3, the USB receptacle 300 has 12 pins on two surfaces, a total of 24 pins, and functions even if the USB plug 301 is connected upside down and horizontally. The USB receptacle 300 includes two sets of D ± pins of a differential amplifier conforming to the USB 2.0 standard and two sets of Tx / Rx pins of a differential amplifier conforming to the USB 3.0 / 3.1 standard.

  Normally, only one of the two sets of Tx / Rx pins is used for USB 3.0 / 3.1 standard communication, so that the USB controller 105 and the USB receptacle 300 depend on the connection direction of the USB plug 301. Need to change the route between. Therefore, as shown in FIG. 2, the two sets of Tx / Rx pins are connected to the USB controller 105 via the bus switch 200 for routing.

  Note that Tx / Rx pins that are not used for USB 3.0 / 3.1 standard communication can also be used for other interfaces such as DP (Display Port) and PCIe. Since only the D ± pins arranged on either surface of the USB plug 301 are connected to the D ± pins, the D ± pins are usually directly connected to the USB controller 105 without going through a bus switch or a multiplexer.

  In the present invention, in order to prevent intrusion of malware from the peripheral device 150, the function of the bus switch 200 is expanded, and the D ± pin is also connected to the USB controller 105 via the bus switch 200. A line connecting the USB receptacle 300 to which the Tx / Rx pin and the D ± pin are connected and the USB controller 105 is referred to as a data line. In FIG. 2, the USB 3.0 / 3.1 data channel, the Display Port data channel, and the USB 2.0 data channel are connected between the USB receptacle 300 and the USB controller 105 via the bus switch 200. It shows how the data channel is formed.

  The VR 111 receives power from the DC / DC converter 33 and supplies power to each element of the power switch 109 and the USB security system 100. The USB receptacle 300 includes a CC1 pin, a CC2 pin (also referred to as CC pin or CC line), an SBU1 pin, and an SBU2 pin (also referred to as SBU pin) that are newly added in the Type 3 standard. The power switch 109 is a physical switch that switches circuits in order to supply power to the Vcon pin of the USB plug 301 through the Vbus line or the CC line, or to supply the power supplied from the Vbus line to the charger 35. .

  The power switch 109 is controlled by the USB controller 105 or the switch controller 107. The CC pin is connected to the USB block 101 via the power switch 109. The CC pin is connected to the Vcon pin of the USB plug 301 when the laptop 10 is connected to a predetermined USB cable or peripheral device. The power switch 109 connects the CC pin of the USB receptacle 300 and the USB block 101 when power to the Vconn pin is not supplied to the CC pin.

  The CC pin is used for the insertion direction of the USB plug 301, power transmission / reception parameter detection through Vbus, port identification of peripheral devices, BMC (Bi-phase Mark Coding) communication, and the like. The USB block 101 periodically monitors the CC pin and negotiates through the CC line when the peripheral device 150 is connected to determine an operation mode related to data communication and power supply. The SBU pin is connected to the USB block 101 and used for operation in an alternate mode.

  FIGS. 1 to 3 simply illustrate the main hardware configuration and connection relationships necessary to describe the present embodiment. In addition to those mentioned above, many devices or components are used to implement the laptop 10 and the USB security system 100. However, since they are well known to those skilled in the art and are not necessary for understanding the invention, the description thereof is omitted. A person skilled in the art also arbitrarily selects a plurality of blocks described in the figure as one integrated circuit or device, or conversely, a block is divided into a plurality of integrated circuits or devices. Is included in the scope of the present invention.

[Logical configuration of USB communication]
FIG. 4 is a diagram for explaining a logical configuration when the laptop 10 and the peripheral device 150 perform data transfer through the USB interface. Communication between the peripheral device 150 and the laptop 10 is performed in three layers: communication of the hardware layer 130, system level communication using a default pipe, and application level communication using a plurality of pipes. All packets exchanged between the peripheral device 150 and the host system 103 pass through Tx / Rx or D ± physical data lines.

  The default pipe and the pipe group are logical data channels constructed by physical data lines, and are formed by time-sharing data communication in the hardware layer 130. The default pipe is automatically constructed when the peripheral device 150 is connected. When the laptop 10 operates as a host, the peripheral device 150 is configured using a default pipe to construct a pipe group. The laptop 10 periodically monitors the CC pin, and communicates at the hardware layer 130 using the CC line when the peripheral device 150 is connected by a USB cable.

  The system software 51 including the device driver and OS stored in the HDD 21 performs communication at the system level using a default pipe and configures the peripheral device 150. The application program 53 stored in the HDD 21 performs communication at the application level using a plurality of pipes constructed by configuration. System level communication and application level communication are performed in the host system 103. When the host system 103 exchanges packets with the peripheral device 150 whose firmware has been illegally rewritten, a security risk occurs, but there is no possibility that the USB block 101 is infected with malware through communication at the hardware layer 130.

[Operation procedure of USB security system]
FIG. 5 is a flowchart showing an operation procedure of the USB security system 100. In block 401, before the peripheral device 150 is connected to the USB receptacle 300, the bus switch 200 disconnects all data channels. The power switch 109 connects the CC line and cuts the power supply path to the Vcon line and the Vbus line.

  In block 403, the peripheral device 150 is connected to the USB receptacle 300 with the USB plug 301. Peripheral device 150 becomes a sink like a smartphone or a tablet terminal and receives power supply from laptop 10 through Vbus line, or it becomes a source like charging port and supplies power to laptop 10 through Vbus line Including what to do.

  In block 405, the switch controller 107 recognizes the peripheral device 150 through the CC line. The switch controller 107 confirms the insertion direction of the USB plug 301 and executes negotiation regarding charging. The switch controller 107 establishes a source / sink relationship with the peripheral device 150. Here, it is assumed that the peripheral device 150 is the source and the laptop 10 is the sink. However, the present invention can also be applied to the case where the laptop 10 serves as a source and the peripheral device 150 serving as a sink is charged.

  In block 407, the switch controller 107 negotiates with the peripheral device 150 over the CC line for the charging voltage and maximum charging current. The peripheral device 150 supplies power to the Vbus line with a predetermined voltage, and the power controller 107 controls the power switch 109 to supply power to the charger 35 from the Vbus line. The EC 31 starts charging by monitoring the charging state of the battery unit 37 and setting parameters in the charger 35.

  Block 409 is performed with the peripheral device 150 that has been previously paired for mutual authentication. The laptop 10 transitions to block 451 when the security chip 107c successfully exchanges credentials with the peripheral device and succeeds in mutual authentication at the hardware layer 130. Instead of mutual authentication, only the laptop 10 may authenticate the peripheral device 150 in one direction.

  Since authentication is performed at the hardware layer 130, malware does not enter the upper system 10 during the authentication process. In block 451, the switch controller 107 controls the bus switch 200 to connect a predetermined data channel. Control of the bus switch 200 is safe because it is performed by the hardware layer 130 that is not contaminated by malware.

  When the data channel is established, the USB controller 105 or the peripheral device 150 constructs a default pipe and performs system level communication in accordance with a well-known plug and play procedure. Start data communication after building the group. Since the safety of the peripheral device 150 is confirmed before the default pipe is constructed, there is no risk of malware intruding into the laptop 10 even if system level and application level communication is performed.

  If mutual authentication is not possible and if mutual authentication fails, the process proceeds to block 411. In block 411, the switch controller 107 interrupts the CPU 11 and sends an event indicating an authentication failure to the security manager 61. The security manager 61 acquires the current position information from the GPS module 27 or acquires the SSID or MAC address of the access point currently connected from the wireless module 25.

  When the security manager 61 refers to the location list 63 in block 413 and determines that the security level of the current position of the laptop 10 is 1, the process proceeds to block 451. In block 451, the security manager 61 instructs the switch controller 107 to control the bus switch 200 to connect the data line. Since the peripheral device 150 present at home is unlikely to be contaminated with malware, even if the user connects the peripheral device 150 as before, the user can ensure safety without performing any special operation.

  Since the bus switch 200 is kept off until the security manager 61 determines the security level and instructs the switch controller 107, the host system 103 will be It is not contaminated by malware through the device 150. When the security manager 61 refers to the location list 63 in block 415 and determines that the security level of the current position of the laptop 10 is 2, the process proceeds to block 471.

  In block 471, the security manager 61 displays a pop-up screen indicating that the peripheral device 150 having the security risk is connected to the FPD 17. The pop-up screen may include the risk that malware will invade through the peripheral device 150 and that it is necessary to instruct connection after confirming the safety of the peripheral device 150 for data transfer. it can.

  When the user gives an instruction to permit connection of the data line through the input device 39 in block 473, the process proceeds to block 451. In block 451, the security manager 61 instructs the switch controller 107 to control the bus switch 200 to connect the data line. Since the bus switch 200 remains off until the user determines the security risk of the peripheral device 150, the host system 103 is not contaminated by malware through the peripheral device 150. Even if the user does not allow the data line connection in block 473, the laptop 10 can continue to be charged with power from the peripheral device 150.

  If it is determined that the current location is not registered in the location list 63, the security manager 61 displays a pop-up screen indicating that a dangerous peripheral device 150 is connected to the FPD 17 in block 417. . The pop-up screen can include a message that does not allow data communication because malware may enter through the peripheral device 150. In this case, the laptop 10 can only transmit and receive power to and from the peripheral device 150 through the Vbus line. In this case, the user of the laptop 10 can perform USB communication by making the hardware authentication successful or changing the location list 63 with permission from an administrator with security authority.

  Although the present invention has been described with the specific embodiments shown in the drawings, the present invention is not limited to the embodiments shown in the drawings, and is known so far as long as the effects of the present invention are achieved. It goes without saying that any configuration can be adopted.

10 Laptop Computer 100 USB Security System 101 USB Block 103 Host System 105 USB Controller 107 Switch Controller 200 Bus Switch 300 USB Receptacle 301 USB Plug

Claims (14)

An electronic device capable of connecting peripheral devices,
A host system that needs to prevent malware intrusion from the peripheral device; and
A connector for connecting the peripheral devices;
An interface controller for controlling data transfer performed between the host system and the peripheral device,
A bus switch inserted in a data line between the connector and the interface controller;
An electronic device comprising: a switch controller that controls the bus switch to be turned on when the peripheral device is authenticated by communicating with the peripheral device at a hardware layer that does not send a packet to the upper system . 2. The electronic apparatus according to claim 1, wherein the host system is configured as a composite of software including an application program and an operating system, and hardware including a processor and a system memory. The electronic device according to claim 1, wherein charging power is received from the peripheral device through the connector while the bus switch is in an off state. The electronic device according to claim 1, wherein the interface controller is a USB controller. The electronic device according to claim 4, wherein the bus switch is inserted into a Tx / Rx pin and a D ± pin . The electronic device according to claim 1, wherein the switch controller controls the bus switch based on information indicating a location of the electronic device registered in advance in the host system. 7. The electronic device according to claim 6 , wherein the switch controller turns on the bus switch when it is determined that the electronic device is present at a first registered location, even if the peripheral device is not authenticated. 8. machine. When the switch controller does not authenticate the peripheral device and it is determined that the electronic device exists in the second existing location registered in advance, the bus switch is turned on only when the user gives an instruction. The electronic device according to claim 6 . When the switch controller does not authenticate the peripheral device and determines that the electronic device does not exist in a predetermined location registered in advance, the bus switch unless authorized by an administrator with special authority The electronic device according to claim 6 , wherein the electronic device is maintained in an off state. The electronic device according to claim 1 , further comprising a security chip for authenticating the peripheral device, wherein the switch controller turns on the bus switch only when authentication by the security chip is successful.   The electronic device according to claim 1, wherein the data line constitutes a plurality of data channels having different communication standards, and the bus switch can disconnect all the data channels. A method of connecting a peripheral device to a connector provided in an electronic device equipped with a host system that needs to prevent malware intrusion from the peripheral device ,
A step of blocking the data line connecting said connector and the host system physically,
Detecting that the peripheral device is connected to the connector;
Connecting the data line when communicating with the peripheral device and authenticating the peripheral device at a hardware layer that does not send packets to the higher system . An interface security system for connecting a peripheral device to a connector included in an electronic device equipped with a host system that needs to prevent intrusion of malware from the peripheral device ,
A connector for connecting the peripheral devices;
An interface controller for controlling data transfer between the peripheral device and the host system ;
A bus switch inserted between the interface controller and the connector;
A security system comprising: a switch controller that turns on the bus switch when the peripheral device is authenticated by communicating with the peripheral device at a hardware layer that does not send a packet to the host system. 14. The security system according to claim 13 , wherein the connector includes a pin for the peripheral device to supply charging power and a pin for negotiating a parameter related to charging at a hardware layer.

Images