WO2019130042A1 - Integrity check of a secured peripheral device - Google Patents

Integrity check of a secured peripheral device

Info

Publication number
WO2019130042A1
Authority
WO
WIPO (PCT)
Prior art keywords
peripheral device
spd
software application
secured peripheral
secured
Prior art date
Application number
PCT/IB2017/001788
Other languages
English (en)
Inventor
Benoit Berthe
Original Assignee
Vandelay
Priority date
Filing date
Publication date
Application filed by Vandelay
Priority to PCT/IB2017/001788
Publication of WO2019130042A1

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof

Definitions

  • the present disclosure relates to the field of secure access to computer systems, in particular to a method for controlling the integrity of a secured peripheral device by means of an electronic control device, a secured peripheral device and an electronic control device.
  • Many electronic systems, for example computer systems and systems with a human-machine interface (such as personal computers, smart TVs, printers, video projectors, speakers, etc.), have a number of ports for connecting various types of peripheral devices in order to interface with users, connect to other computer systems and / or store data. The integrity of these computer systems may be lost when devices hosting malicious data are physically connected to their ports.
  • USB Universal Serial Bus
  • USB ports are "multifunctional" universal ports in the sense that they can accept a whole range of devices of different types, such as network interfaces, USB memory-type storage devices, keyboards, mice, web cams, etc.
  • a malicious (or negligent) user using such a malicious peripheral device connected to a USB port of said sensitive computer system can take (or lose) control of, install viruses on, or record sensitive data from this sensitive computer system.
  • a malicious peripheral device may be a modified Webcam (usually identified by Class 06h in USB Protocol) configured to send to the computer system a substitute identifier (Class 05B identifying a keyboard in USB protocol).
  • the computer system will accept loading any software (such as drivers) that would be necessary to interpret input strings from a keyboard, a command line, a computer program, etc.
  • this antivirus software would not detect anything, since for instance the sensitive computer system would not be able to detect whether the communication was established with a keyboard or with a malicious device.
  • patent application EP2659419A1 discloses a device for controlling access to a computer system, the device comprising at least one multifunction port configured to be connected to different categories of peripherals and an access interface configured to be connected to the computer system, access management tools connected between the multifunction port and the access interface; the access management tools being physically configured to authorize the access of the interface by means of a peripheral device connected to the multifunction port only if the device belongs to a device category that is specifically and permanently associated with the multifunction port to which it is connected.
  • the use of such device is advantageous in that only data stored on a peripheral that belongs to a predetermined category of peripherals may be read and imported to the computer system.
  • the sole authorized category may be that of mass storage devices, which do not send any command.
  • the device disclosed in EP2659419A1 is implemented as a cumbersome electronic card intended to be used as an interface between a computer system and universal peripherals in a fixed installation. This solution is therefore not suitable for the protection needs of users in a mobility situation (laptops, travel, etc.).
  • EP2659419A1 discloses that the authorized device categories are permanently associated with multifunction ports and permanently stored so that it is not possible to modify the firmware after the manufacturing of the device. This represents a weakness in that no update may be performed in case a vulnerability is discovered, nor when the device is mobile and therefore that it is likely not c
  • the access management tools of the EP2659419A1 system act as an access control filter on the communication channel between the computer system and the device connected to the multifunction port.
  • a cyber attacker may still succeed in transmitting malicious data through this communication channel and / or in replacing a piece of original hardware / firmware by malicious hardware / firmware in order to emulate a fake authorized device and then modify the behavior of the access control filter.
  • an analysis tool may be provided to analyze and filter in real time the input data received through this communication channel. But this would require powerful computing resources and slow down the functioning of the computer system.
  • the present description relates to a secured peripheral device, comprising: one or more communication interfaces configured to be connected to an external electronic device; a communication interface configured to communicate through a bi-directional wireless communication link with a software application executed by an electronic control device and to implement a pairing process between the secured peripheral device and the electronic control device, wherein the software application is configured to communicate with a remote authentication server; a first microcontroller programmed by means of firmware instructions to: implement, through the wireless communication link and the software application, a challenge-response authentication process with the remote authentication server; receive, from the software application through the wireless communication link, one or more control messages, said one or more control messages comprising instructions to instruct said secured peripheral device to perform at least one operation through said one or more communication interfaces, wherein said one or more control messages are received once the pairing process is completed and only in case of a success of the challenge-response authentication process; perform said at least one operation; and send, to the software application through the wireless communication link, at least one response
  • the present description relates to an electronic control device comprising: a communication interface configured to communicate through a bi-directional wireless communication link with a secured peripheral device and to implement a pairing process between the secured peripheral device and the electronic control device, wherein the secured peripheral device comprises one or more communication interfaces configured to be connected to an external electronic device; at least one processor configured to execute a software application.
  • the software application is configured to establish a communication link with a remote authentication server; establish a wireless communication link with a secured peripheral device; implement a challenge-response authentication process between the secured peripheral device and the remote authentication server, wherein the software application is used as a communication relay between the secured peripheral device and the remote authentication server for the implementation of the challenge-response authentication process; receive from the remote authentication server an information representative of a success or failure of the challenge-response authentication process; send, after completion of the pairing process and in case of success of the challenge-response authentication process, to the secured peripheral device through the wireless communication link, one or more control messages, wherein said one or more control messages comprises instructions to instruct said secured peripheral device to perform at least one operation through said one or more communication interfaces; receive, from the secured peripheral device through the wireless communication link, at least one response message regarding said at least one operation.
  • the present description relates to a method for controlling the integrity of a secured peripheral device.
  • the method is intended to be performed by the secured peripheral device.
  • the secured peripheral device comprises one or more communication interfaces configured to be connected to an external electronic device.
  • the method comprises establishing a wireless communication link with a software application executed by an electronic control device, wherein the software application is configured to communicate with a remote authentication server; implementing a pairing process between the secured peripheral device and the electronic control device through the wireless communication link; implementing, through the wireless communication link and the software application, a challenge-response authentication process with the remote authentication server; receiving, from the software application through the wireless communication link, one or more control messages, said one or more control messages comprising instructions to instruct said secured peripheral device to perform at least one operation through said one or more communication interfaces, wherein said one or more control messages are received once the pairing process is completed and only in case of a success of the challenge-response authentication process; performing said at least one operation; and sending, to the software application through the wireless communication link, at least one response message regarding said at least one operation.
  • the present description relates to a method for controlling the integrity of a secured peripheral device.
  • the method is intended to be performed by a software application executed by an electronic control device.
  • the secured peripheral device comprises at least one communication interface configured to be connected to an external electronic device.
  • the method comprises: establishing a communication with a remote authentication server; establishing a wireless communication link with the secured peripheral device; implementing a pairing process between the secured peripheral device and the electronic control device through the wireless communication link; implementing a challenge-response authentication process between the secured peripheral device and the remote authentication server, wherein the software application is used as a communication relay between the secured peripheral device and the remote authentication server for the implementation of the challenge-response authentication process; receiving from the remote authentication server an information representative of a success or failure of the challenge-response authentication process; sending, after completion of the pairing process and in case of success of the challenge-response authentication process, to the secured peripheral device one or more control messages, said one or more control messages comprising instructions to instruct said secured peripheral device to perform at least one operation through said one or more communication interfaces; receiving, from the secured peripheral device through the wireless communication link, at least one response message regarding said at least one operation.
  • FIG.1 shows a computer system in accordance with one or more embodiments
  • FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments
  • FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments
  • FIG. 3A shows a flow chart of a method for configuring a secured peripheral device in accordance with one or more embodiments
  • FIG. 3B shows a flow chart of a method for controlling the integrity of a secured peripheral device in accordance with one or more embodiments
  • FIG. 3C shows a flow chart of a method for implementing a challenge-response authentication process in accordance with one or more embodiments
  • FIG. 4A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 4B shows a flow chart of a method for deleting one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 4C shows a flow chart of a method for creating one or more data containers of a secured peripheral device connected to an electronic host device in accordance with one or more embodiments
  • FIG. 5A shows a flow chart of a method for reading data stored on a data storage peripheral device from an electronic host device through a secured peripheral device in accordance with one or more embodiments
  • FIG. 5B shows a flow chart of a method for writing data from an electronic host device to a data storage peripheral device through a secured peripheral device in accordance with one or more embodiments
  • FIG. 6A shows a flow chart of a method for providing access to one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments
  • FIG. 6B shows a flow chart of a method for performing an operation on one or more data containers of a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments
  • FIG. 7A-7C show flow charts of a method for copying data from a data storage peripheral device to a secured peripheral device not connected to an electronic host device in accordance with one or more embodiments.
  • identical elements are indicated by the same references.
  • the embodiments disclosed herein by reference to the figures, can be implemented independently of any other embodiments and several embodiments can be combined in various ways.
  • FIG. 1 illustrates schematically an example computer system 100 in which the various technologies and techniques described herein may be implemented.
  • the computer system 100 includes an electronic control device ECD, an electronic host device EHD, a secured peripheral device SPD, a data storage peripheral device DPD and a remote authentication server RAS.
  • the electronic control device ECD, the electronic host device EHD, the secured peripheral device SPD and / or the data storage peripheral device DPD may be used by a user U1.
  • the remote authentication server RAS may be implemented as a single hardware device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the remote authentication server RAS may also be implemented within a cloud computing environment.
  • the electronic control device ECD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the electronic control device ECD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
  • the electronic host device EHD may be implemented as a single hardware device, for example in the form of a desktop personal computer (PC), a laptop, a personal digital assistant (PDA), a smartphone, a server, a mobile device or may be implemented on separate interconnected hardware devices connected one to each other by a communication link, with wired and/or wireless segments.
  • the electronic host device EHD generally operates under the control of an operating system and executes or otherwise relies upon various computer software applications, components, programs, objects, modules, data structures, etc.
  • the data storage peripheral device DPD may be implemented as a single hardware device.
  • the data storage peripheral device DPD may be a USB device.
  • the data storage peripheral device DPD may be in the form of a data storage key, a USB memory, a USB key, a USB stick, a USB drive, etc.
  • the data storage peripheral device DPD may be a third-party storage device whose security / integrity cannot be verified by the user U1.
  • the secured peripheral device SPD may be implemented as a single hardware device.
  • the secured peripheral device SPD may be a USB device.
  • the secured peripheral device SPD may be in the form of a data storage key, a USB memory, a USB key, USB stick, USB drive, etc.
  • the secured peripheral device SPD is a self-powered peripheral device, comprising for example a battery or other energy source, and may be used without being connected to any host device.
  • the secured peripheral device SPD is configured to provide protection against the "BadUSB" security failure, both as a self-protection and as a protection against third-party devices, like the data storage peripheral device DPD.
  • the secured peripheral device SPD is a device that provides its own security functions, including integrity check and authentication, and whose data access functionalities, communication functionalities and capacities are controlled and managed by the software application on the electronic control device ECD.
  • the communication functions through the multifunction communication interfaces are dependent on the success of an authentication of the secured peripheral device.
  • the authentication of the secured peripheral device may be part of or be performed after a pairing process between the electronic control device ECD and the secured peripheral device SPD.
  • a data access function may correspond to one or more data access operations such as reading data blocks, writing data blocks, mounting a file system, obtaining descriptive data of a file system or one or more data files or data container, amending access right(s) of data files, etc.
  • Descriptive data may include any attribute of a data file or data container, including a file name, file extension, access rights, size of data file, keywords, editing date, creation date, etc.
  • the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only in the presence and / or proximity (e.g. presence in the wireless detection zone) of the electronic control device ECD with which the secured peripheral device is paired. In one or more embodiments, the secured peripheral device SPD is configured to communicate through the multifunction communication interfaces only as long as the communication link L3 is operatively active and is configured to interrupt any communication through the multifunction communication interfaces when the communication link L3 is interrupted.
  • the secured peripheral device SPD is configured to communicate with the electronic host device EHD through a communication link L1.
  • the communication link L1 may be a USB (Universal Serial Bus) link.
  • a USB cable may be used to connect the secured peripheral device SPD to the electronic host device EHD.
  • Any other communication link may be used, for example a wired or wireless communication link.
  • a wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc.
  • communication link L1 is a USB communication link.
  • the data storage peripheral device DPD is configured to communicate with the secured peripheral device SPD through a communication link L2.
  • the communication link L2 may be a USB (Universal Serial Bus) communication link.
  • a USB cable may be used to connect the data storage peripheral device DPD to the secured peripheral device SPD.
  • Any other communication link may be used, for example a wired or wireless communication link.
  • a wired communication link may be based on communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth ®, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc.
  • communication link L2 is a USB communication link.
  • the electronic control device ECD is configured to communicate with the secured peripheral device SPD through a wired or wireless communication link L3.
  • the communication link is a bi-directional communication link.
  • the communication link L3 is a Bluetooth ® communication link. Any other communication link may be used.
  • a wired communication link may be compliant with a communication protocol such as Ethernet, Lightning, Firewire, RS232, RS432, etc.
  • a wireless communication link may be based on communication protocol such as Bluetooth, Wifi, Lifi, NFC (Near Field Communication), GSM (Global System for Mobile Communication), etc. In the following description, it will be assumed that the communication link L3 is wireless communication link, compliant for example with Bluetooth ®.
  • the electronic control device ECD is configured to communicate with the remote authentication server through a communication link L4.
  • the communication link L4 is implemented through a telecommunication network.
  • the telecommunication network may be any data transmission network, for example a wired (coaxial cable, fiber, twisted pair, DSL cable, etc.) or wireless (radio, infrared, cellular, microwave, etc.) network, a local area network (LAN), internet area network (IAN), metropolitan area network (MAN) or wide area network (WAN) such as the Internet, a public or private network, a virtual private network (VPN), a telecommunication network with data transmission capabilities, a single radio cell with a single connection point like a Wifi or Bluetooth ® cell, etc.
  • FIG. 2A shows a secured peripheral device SPD in accordance with one or more embodiments.
  • the secured peripheral device SPD comprises a flash memory MEM, a communication interface BT1, one or more multifunction communication interfaces USB1, USB2, one or more microcontrollers MC1, MC2, and a power supply 210 (e.g. a battery).
  • the flash memory MEM is configured to store a ciphered firmware update 221 and a default data partition 222.
  • the flash memory MEM is configured to store a plurality 223 of data containers P1, P2, P3.
  • the data containers P1, P2, P3 are user data containers.
  • a user data container is a data container suitable for storing user data (e.g. data files generated by a software used by a user). The user data may be private or professional data and a data container may be dedicated to professional data storage only or to private data storage only.
  • a data container is a data partition.
  • a data container is an archive file for archiving data files, and may be compressed or not.
  • a data container is a file folder of a file system.
  • the communication interface BT1 includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the communication interface BT1.
  • the communication interface BT1 is configured to communicate through the wireless communication link L3 with the electronic control device ECD.
  • the communication protocol used by the communication interface BT1 implements a pairing process with each electronic device such that communication through the wireless communication link L3 is enabled only if the pairing process is successful.
  • the communication link L3 may be a wired or wireless communication link and the communication interface BT1 is a communication interface suitable for communicating through communication link L3 and compliant with the associated communication protocol.
  • the communication interface BT1 is a Bluetooth ® interface.
  • the multifunction communication interface USB1 (respectively USB2) includes hardware (e.g. one or more communication ports, circuitry, optical and / or electronic components, etc), firmware and / or software or any combination thereof and is configured to implement the communication functions described herein for the multifunction communication interface USB1 (respectively USB2).
  • the first multifunction communication interface USB1 is configured to be connected to an electronic host device EHD through the communication link L1.
  • the second multifunction communication interface USB2 is configured to be connected to a data storage peripheral device DPD through the communication link L2.
  • each of the multifunction communication interfaces USB1 and USB2 is a USB (Universal Serial Bus) communication interface.
  • the multifunction communication interface USB1 includes a male USB connector and the multifunction communication interface USB2 includes a female USB connector.
  • the communication link L1 (respectively L2) may be a wired or wireless communication link and the multifunction communication interface USB1 (respectively USB2) is a communication interface suitable for communicating through communication link L1 (respectively L2) and compliant with the associated communication protocol.
  • the microcontroller MC1 (respectively MC2) includes hardware (e.g. circuitry, optical and / or electronic components, etc), is configured (e.g. programmed) by means of firmware and / or software instructions and is configured to implement the functions described herein for the microcontroller MC1 (respectively MC2).
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to access the flash memory MEM and the one or more data containers P1, P2, P3 stored therein.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement security management functions in order to secure and control the communication and the data access to / from the secured peripheral device SPD through the one or more multifunction communication interfaces USB1, USB2.
  • the security management functions may include authentication functions, communication control functions, encryption functions, filtering functions, etc.
  • the microcontroller MC1 and / or the microcontroller MC2 includes an embedded cryptographic unit configured to implement ciphering / deciphering functions, thus enabling accelerated execution of these ciphering / deciphering functions.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement the security management functions under the control of the electronic control device ECD, e.g. under the control of a specific software application, also referred to herein as the security control application APP, executed by the electronic control device ECD.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive messages from (respectively send messages to) the security control application APP of the electronic control device ECD through the wireless communication link L3.
  • the messages are ciphered by the emitting entity and deciphered by the receiving entity, and the microcontroller(s) MC1, MC2 share(s) one or more encryption keys with the security control application APP.
  • the messages may include information and / or instructions for instructing the microcontroller(s) MC1, MC2 to perform one or more operations.
  • the messages may include encryption keys, data, parameters and / or other information.
  • the one or more multifunction communication interfaces USB1, USB2 are configured to be connected to an external electronic device (e.g. the data storage peripheral device DPD or electronic host device EHD).
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement, under the control of the security control application APP, communication functions and / or data access functions through the one or more multifunction communication interfaces USB1, USB2 to / from the secured peripheral device SPD.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured for example to wait for predetermined control messages before performing any data container access function or communication function through the first and second multifunction communication interfaces USB1, USB2.
  • absent such control messages, the microcontrollers MC1, MC2 do not perform the corresponding communication operation or data access operation.
  • the microcontrollers MC1, MC2 do not access a file system of a data storage peripheral device DPD connected to the second multifunction communication interface USB2, and the microcontrollers MC1, MC2 are not responsive to requests according to the USB protocol received through the first multifunction communication interface USB1.
  • the control messages are sent by the software application APP to the secured peripheral device SPD and comprise instructions for instructing the secured peripheral device SPD (i.e. the microcontroller(s) MC1, MC2) to perform one or more operations in accordance with the instructions.
  • the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the wireless communication link L3, one or more control messages.
  • the control messages comprise instructions to instruct the secured peripheral device SPD to perform one or more operations (e.g. communication operations or data access operations) through the one or more communication interfaces USB1, USB2.
  • the microcontroller(s) MC1, MC2 is (are) configured to send, to the software application APP through the wireless communication link (L3), at least one response message (e.g. feedback message, information message, status message, etc.) in response to the control message, for example a message regarding the requested operation (e.g. regarding the completion or a result of the operation). Examples of operations performed under the control of the software application APP are described for example by reference to FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) responsive to messages from the software application APP to control the transition from a connected state, in which the communications through the first and / or second multifunction communication interfaces USB1, USB2 are operative (authorized), to a locked state, in which the communications through the multifunction communication interfaces USB1, USB2 are not operative (forbidden or blocked), or conversely from the locked state to the connected state.
  • performing a data access operation comprises a data access operation on one or more data containers of the secured peripheral device SPD.
  • a list of data containers is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3. A user of the software application APP may then select a data container on which the data access operation has to be performed.
  • performing a data access operation comprises opening a selected data container of the secured peripheral device SPD. If the selected data container is a ciphered container P1, performing a data access operation on the selected data container comprises receiving from the software application APP through the wireless communication link L3 a control message including an encryption key KP1 associated with the selected ciphered container P1, extracting the encryption key KP1 from the control message, deciphering the ciphered container using the extracted encryption key and providing descriptive data (e.g. file names and attributes) of the content of the data container to the software application APP through the wireless communication link L3. Further aspects and embodiments are described by reference to FIG. 6A.
  • one or more data files may be copied to (respectively from) the data container from (or respectively to) an external electronic device (electronic host device EHD or data storage peripheral device DPD) connected to one of the multifunction communication interfaces USB1, USB2.
  • a list of data files is built by the secured peripheral device SPD (by one or more of the microcontrollers MC1, MC2) and sent to the software application APP through the wireless communication link L3.
  • a user of the software application APP may then select one or more data files which have to be copied. Further aspects and embodiments are described by reference to FIG. 6B.
  • performing a data access operation comprises providing access to one or more data containers P1, P2, P3 of the secured peripheral device SPD through at least one of the multifunction communication interfaces USB1, USB2 from the electronic host device EHD and / or copying one or more data files from one or more data containers P1, P2, P3 to the electronic host device EHD.
  • providing access to one or more data containers P1, P2, P3 may comprise mounting a file system for the one or more data containers P1, P2, P3 and sending descriptive data of the mounted file system to the electronic host device EHD through the first communication interface USB1. Further aspects and embodiments are described by reference to FIGS. 4A-4C.
  • performing a data access operation comprises accessing the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD and / or copying one or more data files from the external data storage peripheral device DPD to at least one data container P1, P2, P3 of the secured peripheral device SPD.
  • performing a data access operation comprises mounting a file system to get access to data files stored in the data storage peripheral device DPD through the second communication interface USB2 from the secured peripheral device SPD. Further aspects and embodiments are described by reference to FIGS. 7A-7C.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement, through the wireless communication link L3, the electronic control device ECD and the communication link L4, a challenge-response authentication process between the secured peripheral device SPD and the remote authentication server RAS.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to implement data encryption functions using one or more encryption keys.
  • the microcontroller MC1 and / or the microcontroller MC2 is (are) configured to receive and send data through the first multifunction communication interface USB1 (respectively the second multifunction communication interface USB2) in accordance with a first communication protocol.
  • the first communication protocol may be the USB protocol.
  • the microcontroller MC1 (respectively MC2) is configured to receive / send data from / to the other microcontroller MC2 (respectively MC1) in accordance with a second communication protocol, distinct from the first communication protocol.
  • the second communication protocol may be the SPI (Serial Peripheral Interface) protocol or any other serial wired communication protocol like I2C, RS232, TTL, etc.
  • the microcontroller MC1 (respectively MC2) is configured to implement a protocol translation from the first communication protocol to the second communication protocol and from the second communication protocol to the first communication protocol.
  • the protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the first communication protocol to the second communication protocol for messages received through the multifunction communication interface USB1 (respectively USB2) and to be sent to the other microcontroller MC2 (respectively MC1).
  • the protocol translation is implemented by the microcontroller MC1 (respectively MC2) from the second communication protocol to the first communication protocol for messages received from the other microcontroller MC2 (respectively MC1) and to be sent to the multifunction communication interface USB1 (respectively USB2).
  • the first multifunction communication interface USB1 is connected to the electronic host device EHD and the second multifunction communication interface USB2 is connected to the data storage peripheral device DPD.
  • the secured peripheral device SPD may then be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the external data storage peripheral device DPD to the electronic host device EHD.
  • the first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a read command according to a first communication protocol, wherein the read command comprises instructions for performing a copy of the one or more selected data files from the data storage peripheral device DPD to the electronic host device EHD.
  • the first microcontroller MC1 may be configured to translate the read command into a translated read command according to the second communication protocol and to forward the translated read command to the second microcontroller MC2.
  • the second microcontroller MC2 may be configured to translate the translated read command into a second translated read command according to the first communication protocol and to forward the second translated read command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5A.
  • the secured peripheral device SPD may be used as a physical interface through which one or more selected data files (e.g. data files selected by a user) are copied from the electronic host device EHD to the external data storage peripheral device DPD.
  • the first microcontroller MC1 may be configured to receive from the electronic host device EHD through the first communication interface USB1 a write command according to a first communication protocol, wherein the write command comprises instructions for performing a copy of one or more selected data files from the electronic host device EHD to the data storage peripheral device DPD.
  • the first microcontroller MC1 may be configured to translate the write command into a translated write command according to the second communication protocol and to forward the translated write command to the second microcontroller MC2.
  • the second microcontroller MC2 may be configured to translate the translated write command into a second translated write command according to the first communication protocol and to forward the second translated write command to the data storage peripheral device DPD through the second communication interface USB2. Further aspects and embodiments are described by reference to FIG. 5B.
  • the microcontroller MC2 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol that comprise instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, the predetermined operations comprising a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the data storage peripheral device DPD and a copy of one or more memory blocks from the data storage peripheral device DPD to the secured peripheral device SPD.
  • the microcontroller MC2 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
  • the first microcontroller MC1 is programmed by means of firmware instructions to be responsive only to commands according to the first communication protocol that comprise instructions for implementing predetermined operations on a peripheral device belonging to predetermined peripheral categories, and the predetermined operations include only a copy of one or more memory blocks related to one or more predetermined peripheral categories from the secured peripheral device SPD to the electronic host device EHD and a copy of one or more memory blocks from the electronic host device EHD to the secured peripheral device SPD.
  • the first microcontroller MC1 is not responsive to a command according to the first communication protocol for other operations or for an operation on a peripheral device belonging to other peripheral categories.
  • for example, when USB2 is a USB interface, only data packets from / to peripheral devices belonging to the peripheral category "USB mass storage class" may be copied.
  • for any other command, the microcontroller MC1 (respectively MC2) is simply not responsive, as it is not programmed to perform any action.
  • the microcontrollers MC1, MC2 may thus only communicate with storage devices, which provides an essentially hardware barrier since there is no library or driver to interpret any other data. This barrier is safer than a software barrier that would allow certain types of devices to have access to certain functions.
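The command filter described in the bullets above, written out as an added example in C. This is illustrative firmware code, not code from the patent or from Vandelay: it parses a USB Mass Storage Bulk-Only Transport Command Block Wrapper, binds only to interfaces of the mass storage class, and lets through only the SCSI block read / write commands before wrapping the accepted command for the inter-microcontroller serial link. The three discovery opcodes in the allow-list, the serial frame layout and every function name are this example's assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* USB Mass Storage Bulk-Only Transport (BOT) Command Block Wrapper: 31 bytes,
 * little-endian fields, as defined by the USB MSC Bulk-Only Transport spec. */
#define CBW_LEN                 31u
#define CBW_SIGNATURE           0x43425355u   /* "USBC" read as a little-endian dword */
#define USB_CLASS_MASS_STORAGE  0x08u
#define SCSI_READ10             0x28u         /* memory-block copy, device -> host   */
#define SCSI_WRITE10            0x2Au         /* memory-block copy, host -> device   */
#define SPI_TYPE_CBW            0x01u         /* assumed inter-MCU frame type byte   */

enum filter_verdict {
    VERDICT_FORWARD = 0,     /* translate and pass to the other microcontroller   */
    VERDICT_DROP_CLASS,      /* interface is not USB mass storage class           */
    VERDICT_DROP_BAD_FRAME,  /* not a well-formed CBW                             */
    VERDICT_DROP_OPCODE      /* well-formed, but no handler exists for the opcode */
};

/* Enumeration-time gate: the firmware binds only to mass storage interfaces. */
static bool usb_interface_allowed(uint8_t bInterfaceClass)
{
    return bInterfaceClass == USB_CLASS_MASS_STORAGE;
}

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Opcode allow-list. READ(10)/WRITE(10) are the block copies of the text. The three
 * discovery opcodes are an assumption of this example: a host issues them before
 * its first READ(10), so a bridge that drops them never reaches the copy stage. */
static bool scsi_opcode_allowed(uint8_t opcode)
{
    switch (opcode) {
    case SCSI_READ10:
    case SCSI_WRITE10:
    case 0x00:   /* TEST UNIT READY   (assumed) */
    case 0x12:   /* INQUIRY           (assumed) */
    case 0x25:   /* READ CAPACITY(10) (assumed) */
        return true;
    default:
        return false;   /* FORMAT UNIT, vendor commands, anything else */
    }
}

/* Decide whether a frame received on a USB endpoint may be translated and forwarded. */
enum filter_verdict filter_cbw(uint8_t bInterfaceClass, const uint8_t *frame, size_t len)
{
    if (!usb_interface_allowed(bInterfaceClass))
        return VERDICT_DROP_CLASS;
    if (frame == NULL || len != CBW_LEN || le32(frame) != CBW_SIGNATURE)
        return VERDICT_DROP_BAD_FRAME;
    if (frame[14] == 0 || frame[14] > 16)        /* bCBWCBLength must be 1..16 */
        return VERDICT_DROP_BAD_FRAME;
    if (!scsi_opcode_allowed(frame[15]))         /* CBWCB[0] is the SCSI opcode */
        return VERDICT_DROP_OPCODE;
    return VERDICT_FORWARD;
}

/* Protocol translation: wrap an accepted CBW in the inter-MCU serial frame. The
 * framing (type byte, length byte, payload) is an assumption; the text only says
 * that a second serial protocol such as SPI is used between MC1 and MC2. */
size_t spi_frame_cbw(const uint8_t *cbw, uint8_t *out, size_t out_len)
{
    if (cbw == NULL || out == NULL || out_len < CBW_LEN + 2)
        return 0;
    out[0] = SPI_TYPE_CBW;
    out[1] = (uint8_t)CBW_LEN;
    memcpy(out + 2, cbw, CBW_LEN);
    return CBW_LEN + 2;
}

/* Constructed sample input: a CBW carrying one 10-byte SCSI CDB. */
void build_cbw(uint8_t cbw[CBW_LEN], uint32_t tag, uint32_t xfer_len, uint8_t opcode)
{
    memset(cbw, 0, CBW_LEN);
    memcpy(cbw, "USBC", 4);
    for (int i = 0; i < 4; i++) {
        cbw[4 + i] = (uint8_t)(tag >> (8 * i));
        cbw[8 + i] = (uint8_t)(xfer_len >> (8 * i));
    }
    cbw[12] = (opcode == SCSI_WRITE10) ? 0x00 : 0x80;  /* bmCBWFlags: data direction */
    cbw[13] = 0;                                        /* LUN */
    cbw[14] = 10;                                       /* bCBWCBLength */
    cbw[15] = opcode;
}

/* Convenience entry point: build one CBW, run it through the filter and, if it is
 * accepted, frame it for the inter-MCU link. Returns the verdict. */
enum filter_verdict relay_sample(uint8_t bInterfaceClass, uint8_t opcode, bool corrupt_signature)
{
    uint8_t cbw[CBW_LEN], spi[CBW_LEN + 2];
    build_cbw(cbw, 1, 512, opcode);
    if (corrupt_signature)
        cbw[0] = 0x00;
    enum filter_verdict v = filter_cbw(bInterfaceClass, cbw, sizeof cbw);
    if (v == VERDICT_FORWARD && spi_frame_cbw(cbw, spi, sizeof spi) != CBW_LEN + 2)
        return VERDICT_DROP_BAD_FRAME;
    return v;
}
```

The point of the structure is that the decision is made on a fixed-size, fixed-layout header before any payload is interpreted: a HID or CDC interface is rejected at enumeration, a malformed wrapper is rejected before the opcode is read, and an opcode outside the list has no code path at all, which is what the "no library or driver to interpret any other data" argument above relies on.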
  • FIG. 2B shows an electronic control device ECD in accordance with one or more embodiments.
  • the electronic control device ECD comprises one or more processors 240, memory 241, a wireless communication interface 244, other associated hardware such as input/output interfaces 242 (e.g. device interfaces such as USB interfaces, network interfaces) and a user interface 243 (incorporating for example one or more user input/output devices, e.g., a keyboard, a pointing device, a display screen, etc) to interact with a user U1.
  • the memory 241 of the electronic control device ECD may include a random-access memory (RAM), cache memory, non-volatile memory, backup memory (e.g., programmable or flash memories), read-only memories, secured storage (e.g. keystore) or any combination thereof.
  • Each processor 240 of the electronic control device ECD may be any suitable microprocessor, microcontroller, integrated circuit, or central processor (CPU) including at least one hardware-based processor or processing core.
  • the memory 241 of the electronic control device ECD may contain computer program instructions which, when executed by the processor 240, cause the electronic control device ECD to perform one or more methods described herein for an electronic control device ECD.
  • the processor 240 may be configured to access to the memory 241 for storing, reading and/or loading computer program instructions or software code that, when executed by a processor, causes the processor to perform one or more method steps described herein for the software application APP and / or the electronic control device ECD.
  • the processor 240 may be configured to use the memory 241 when executing the steps of a method described herein for the software application APP and / or the electronic control device ECD, for example for loading computer program instructions and for storing data generated during the execution of the computer program instructions.
  • the electronic control device ECD is configured to execute computer program instructions of a software application APP (also referred to as "security control application APP") that, when executed by the processor of the electronic control device ECD, causes the processor to perform one or more method steps described herein for the electronic control device ECD.
  • the software application APP is configured to communicate with a remote authentication server RAS via the communication link L4 and to communicate with the secured peripheral device SPD through the wireless communication link L3.
  • the electronic control device ECD comprises a secure storage tool SS for storing encryption keys.
  • a key storage tool SS that is configured to provide access to the stored encryption keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc) may be used.
  • one or more ciphered data containers P1, P2, P3 are provided.
  • the software application APP is configured to store an associated encryption key KP1, KP2, KP3 for each ciphered data container PI, P2, P3.
  • the associated encryption key KP1, KP2, KP3 is intended to be used by the secured peripheral device SPD to decipher the corresponding data container PI, P2, P3 and / or the data files stored in the corresponding data container PI, P2, P3.
  • the encryption keys KP1, KP2, KP3 are stored in the secure storage tool SS and retrieved from the secure storage tool SS by the software application APP.
  • each of the encryption keys KP1, KP2, KP3 is stored in the secure storage tool SS in association with an identifier allocated by the secured peripheral device SPD to the corresponding data container P1, P2, P3.
  • FIG. 3A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD, a factory configuration tool PRG and a remote authentication server RAS according to any embodiment described herein.
  • FIG. 3A shows a method for configuring a secured peripheral device SPD in accordance with one or more embodiments.
  • a factory configuration tool PRG (not represented) is configured to communicate through the debugging interfaces of the microcontrollers and to generate data and/or instructions to be stored on the secured peripheral device SPD.
  • a bootloader is generated for the secured peripheral device SPD.
  • the bootloader is configured to load the firmware of the hardware components of the secured peripheral device SPD.
  • the bootloader includes a device authentication key KA.
  • the bootloader includes a firmware encryption key KF.
  • the bootloader includes an initial pairing code PN.
  • the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN are stored in a ciphered storage memory space of one of the microcontrollers MC1, MC2.
  • Step 301 a firmware is generated at factory stage for the secured peripheral device SPD.
  • the firmware is not ciphered and not signed.
  • the firmware of the secured peripheral device SPD includes a firmware for each microcontroller MC1, MC2, a firmware for each multifunction communication interface USB1, USB2 and a firmware for the communication interface BT1.
  • Step 302 the bootloader generated in step 300 and the firmware generated in step 301 are injected into a flash memory MEM of the secured peripheral device SPD.
  • the injection may be performed using any appropriate configuration tool, for example through a SWD (Serial Wire Debug) / UART (Universal Asynchronous Receiver/Transmitter) connection.
  • Step 303 an acknowledgement is received by the factory configuration tool PRG for confirming the safe receipt of the firmware and bootloader data in the flash memory MEM.
  • Step 304 a test process is implemented to check the firmware and bootloader data stored in the flash memory MEM.
  • Step 305 upon success of the test process performed in step 304, the debugging interfaces of the microcontrollers MC1, MC2 are disabled. As a consequence, the firmware of the secured peripheral device SPD can subsequently only be updated by means of the bootloader. In addition, the device authentication key KA, the firmware encryption key KF and / or the initial pairing code PN can no longer be extracted through the debugging interfaces.
  • a secure update of the firmware may be implemented during which a ciphered firmware update of one or more hardware components is received through a communication interface (e g. the communication interface BT1) of the secured peripheral device SPD and the firmware update is deciphered using the firmware encryption key KF.
  • each identifier SN1, SN2, SN3 is an identifier of a hardware component of the secured peripheral device SPD.
  • an identifier SN1, SN2, SN3 may be a serial number of one of the microcontrollers MC1, MC2, a serial number of a multifunction communication interface USB1, USB2, a serial number of the communication interface BT1 or a serial number of the memory MEM of the secured peripheral device SPD.
  • alternatively, one single identifier SN is used, generated by combining two or more identifiers SN1, SN2, SN3 of hardware components of the secured peripheral device SPD.
  • Step 306 the device authentication key KA, the firmware encryption key KF and the identifiers SN1, SN2, SN3 are stored in association in a database by the remote authentication server RAS.
  • the device authentication key KA, the firmware encryption key KF and the one or more identifiers SN1, SN2, SN3 are thus shared by the remote authentication server RAS and the secured peripheral device SPD.
  • FIG. 3B represents a flowchart of a method according to an example implementation.
  • FIG.3B shows a method for controlling the integrity of a secured peripheral device SPD in accordance with one or more embodiments.
  • a pairing process is implemented between the secured peripheral device SPD and the electronic control device ECD in steps 310-312.
  • a challenge response process is implemented between the secured peripheral device SPD and the remote authentication server RAS in steps 314-317.
  • the challenge response process is implemented after successful completion of the pairing process. For the first execution of steps 310-317, the secured peripheral device SPD is assumed to be not connected to the electronic host device EHD.
  • the first microcontroller MC1 is configured (e.g. programmed) to implement, on the secured peripheral device SPD side, the challenge-response authentication process with the remote authentication server RAS.
  • the firmware of the first microcontroller MC1 may include a security management unit configured to implement the challenge-response authentication process with the remote authentication server RAS.
  • In the example described by reference to FIG. 3B, the wireless communication interface
  • the pairing process may be for example a secure pairing process under Bluetooth Low Energy 4.2.
  • Step 310 the software application APP is started on the electronic control device ECD.
  • the software application APP triggers a search for Bluetooth® devices in the detection zone of the wireless communication interface 244 of the electronic control device ECD.
  • Step 311 assuming the secured peripheral device SPD is in the detection zone of the wireless communication interface 244, the secured peripheral device SPD is detected.
  • a user interface of the software application APP is presented to the user U1 to allow the user to enter a pairing code of the detected secured peripheral device SPD.
  • This pairing code may for example be printed on a sticker and / or on a packaging associated with the secured peripheral device SPD or provided to the user with the secured peripheral device SPD in any other manner, for example by electronic mail, by paper mail, by SMS (Short Message Service), by displaying the pairing code on a LCD screen, etc. If a secure pairing process under Bluetooth Low Energy 4.2 is used, the pairing code may be a passkey with 6 digits. The pairing code inputted by the user is then sent to the secured peripheral device SPD.
  • Step 312 the pairing code received from the electronic control device ECD is compared to the initial pairing code PN stored in step 300 in the secured peripheral device SPD. In case of match, the pairing process successfully completes, authorizing those two devices to communicate with each other through the Bluetooth® link L3.
  • the steps 314-317 described below are implemented only if the pairing process is successfully completed. In case of failure of the pairing process, steps 310-312 have to be executed again before the challenge-response 313-317 is implemented.
  • any next pairing process (next execution of the pairing process in steps 310-312) will be based on a pairing code randomly generated by the secured peripheral device SPD (e.g. in case that the electronic control device ECD has been lost or renewed, or if the user U1 deletes the pairing parameters from the electronic control device ECD or if there are too many unsuccessful pairing attempts).
  • the pairing process based on a random pairing code may be performed as follows.
  • the secured peripheral device SPD generates a random pairing code, inserts the random pairing code in a data file and stores the data file in the memory MEM on a default data partition 222 (see FIG. 2A) which is mounted by default and is accessible through the communication interface USB1 or USB2 upon connection of the secured peripheral device SPD to the electronic host device EHD.
  • the data stored in the other data containers of the memory MEM (for example the data containers P1, P2, P3 (223)), outside this data partition 222 mounted by default, are however not accessible at this stage.
  • the content of the data file may then be viewed by the user U1 by connecting the secured peripheral device SPD to the electronic host device EHD; the random pairing code is then provided by the user U1 to the software application APP, which sends (step 311) the received random pairing code to the secured peripheral device SPD for verification (step 312).
  • the embodiments with the pairing code randomly generated by the secured peripheral device SPD may also be used following the detection of a suspicious activity; in that case too, steps 310-312 have to be executed again before the challenge-response steps 313-317 are implemented.
  • once the pairing process has been successfully performed, the communication between the software application APP and the secured peripheral device SPD is authorized and steps 313-317 are performed. If the pairing process is not successful, steps 313-317 are not executed and a new pairing process has to be implemented by executing steps 310-312 again.
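The pairing-code check of step 312, together with the switch to a randomly generated code after too many unsuccessful attempts, as an added example in C. This is illustrative code, not the patent's or Vandelay's firmware. It assumes a six-digit passkey, a threshold of three consecutive failures, and takes the random source as a callback so that it can run off-device; the demo_counter_rng stand-in is deterministic and must never be used on a device, where the hardware random number generator would be passed instead. Writing the rotated code to the data file on the default partition 222 is left to the caller.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAIRING_CODE_LEN   6u   /* BLE 4.2 passkey entry: six decimal digits              */
#define MAX_PAIRING_FAILS  3u   /* assumed threshold for "too many unsuccessful attempts" */

/* Pairing state of the SPD firmware (a singleton, as on the device). */
static struct {
    char     code[PAIRING_CODE_LEN + 1];  /* initial code PN, then the random code */
    uint32_t failures;                    /* consecutive mismatches                */
    bool     random_mode;                 /* true once PN has been retired         */
    bool     paired;
} g_pair;

/* Constant-time comparison: the run time does not reveal which digit differs. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Draw a uniformly distributed 6-digit code from a 32-bit source by rejection
 * sampling; a plain modulo would make the lowest 967 296 codes slightly more
 * likely. On the device rng is the hardware random number generator. */
void spd_new_random_pairing_code(uint32_t (*rng)(void), char out[PAIRING_CODE_LEN + 1])
{
    const uint32_t range = 1000000u;
    const uint32_t limit = UINT32_MAX - (UINT32_MAX % range);  /* largest multiple of range */
    uint32_t r;
    do {
        r = rng();
    } while (r >= limit);
    r %= range;
    for (int i = (int)PAIRING_CODE_LEN - 1; i >= 0; i--) {
        out[i] = (char)('0' + r % 10);
        r /= 10;
    }
    out[PAIRING_CODE_LEN] = '\0';
}

/* Deterministic stand-in for the hardware RNG so that the example runs off-device.
 * It is NOT random and must never be used on a real device. */
uint32_t demo_counter_rng(void)
{
    static uint32_t s = 0x9E3779B9u;
    s += 0x9E3779B9u;
    return s;
}

/* Install the initial pairing code PN (step 300). A PN of the wrong length can never match. */
void spd_pairing_init(const char *initial_pn)
{
    size_t n = strlen(initial_pn);
    memset(&g_pair, 0, sizeof g_pair);
    memcpy(g_pair.code, initial_pn, n < PAIRING_CODE_LEN ? n : PAIRING_CODE_LEN);
}

/* Retire the current code and switch to a randomly generated one. The caller writes
 * spd_current_pairing_code() to the data file on the default partition 222 (not shown). */
void spd_pairing_rotate(uint32_t (*rng)(void))
{
    spd_new_random_pairing_code(rng, g_pair.code);
    g_pair.random_mode = true;
    g_pair.failures = 0;
    g_pair.paired = false;
}

/* Step 312: check the code entered in the APP. After MAX_PAIRING_FAILS consecutive
 * mismatches the code is rotated, so the initial PN cannot be guessed at leisure. */
bool spd_pairing_verify(const char *entered, uint32_t (*rng)(void))
{
    bool ok = entered != NULL && strlen(entered) == PAIRING_CODE_LEN &&
              ct_equal(entered, g_pair.code, PAIRING_CODE_LEN);
    if (ok) {
        g_pair.failures = 0;
        g_pair.paired = true;
        return true;
    }
    g_pair.paired = false;
    if (++g_pair.failures >= MAX_PAIRING_FAILS)
        spd_pairing_rotate(rng);
    return false;
}

bool        spd_is_paired(void)             { return g_pair.paired; }
bool        spd_pairing_is_random_mode(void){ return g_pair.random_mode; }
const char *spd_current_pairing_code(void)  { return g_pair.code; }

bool pairing_code_is_six_digits(const char *c)
{
    if (c == NULL || strlen(c) != PAIRING_CODE_LEN)
        return false;
    for (size_t i = 0; i < PAIRING_CODE_LEN; i++)
        if (c[i] < '0' || c[i] > '9')
            return false;
    return true;
}
```

Two details matter for a six-digit secret: the comparison must not stop at the first differing digit, and the replacement code must be drawn uniformly, since a biased generator would let an attacker who has triggered the rotation start with the likeliest codes.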
  • Step 313 a communication link L4 between the remote authentication server RAS and the software application APP of the electronic control device ECD is established.
  • the data sent through the communication link L4 are ciphered.
  • Step 314 the communication between the software application and the secured peripheral device SPD is started and secured.
  • the software application APP sends a message M314 to the secured peripheral device SPD including a key encryption key KK to be used for ciphering encryption keys.
  • an asymmetric ciphering scheme is used (e.g. RSA, Rivest-Shamir-Adleman) and a pair of keys is generated by the software application APP, the pair of keys comprising a public key KK_PUB and a private key KK_PRI suitable for asymmetric ciphering.
  • Step 315 a challenge response authentication process between the secured peripheral device SPD and the remote authentication server RAS is implemented through the software application APP and the communication links L4 and L3.
  • the software application APP is configured to relay messages between the secured peripheral device SPD and the remote authentication server RAS.
  • the challenge response authentication process may be implemented as described below by reference to FIG. 3C.
  • Step 316 the software application APP receives from the remote authentication server RAS a message M316 indicative of the success or failure of the challenge-response authentication process.
  • Step 317 in case of success, an information message is displayed on a user interface of the software application to inform a user that the pairing and authentication are successful. In one or more embodiments, in case of failure, an information message is displayed on a user interface of the software application APP to inform the user U1 that the secured peripheral device SPD seems to be corrupted and / or cannot be used.
  • in case of failure, the wireless communication link L3 with the secured peripheral device SPD is terminated by the software application APP, the key encryption key KK of step 314 is deleted by the software application APP and the received pairing code is also deleted.
  • this prevents the software application APP from communicating (e.g. sending / receiving commands) with the secured peripheral device SPD and forces the pairing process and the challenge-response authentication process to be started again: steps 310-317 will have to be executed again.
  • the secured peripheral device SPD (e.g. at least one of the microcontrollers MC1, MC2) is configured to wait for a predetermined control message (e.g. M331, step 331, see FIG. 4A, or M611, step 611, see FIG. 6A) from the software application APP through the wireless communication link L3 before starting to provide access to one or more data containers P1, P2, P3 and / or before starting to receive / send data through the one or more communication interfaces USB1, USB2 and / or before performing a corresponding communication operation / data access operation as described herein.
  • the predetermined control message is received by the secured peripheral device SPD only after a success of the challenge-response authentication process; in case of failure of the challenge-response authentication process, the predetermined control message is not sent, in order to prevent any communication through the multifunction communication interfaces USB1, USB2 of the secured peripheral device SPD.
  • the predetermined control message is sent by the software application APP only in response to an action of a user on a user interface of the software application APP to allow an access to data containers of the secured peripheral device SPD.
  • the software application APP is configured to determine whether one or more additional conditions are met before sending one or more predetermined control messages to trigger one or more communication operations and / or data access operations through the communication interfaces USB1, USB2 (e.g. through the communication links L1, L2), and sends them only if these one or more additional conditions are met.
  • An additional condition may be that an explicit authorization is given by the user U1 of the electronic control device ECD on a user interface of the software application APP.
  • An additional condition may be that the communication through the wireless communication link L3 with software application APP is operatively active (not interrupted, defective, deactivated or otherwise not operative).
  • An additional condition may be that the secured peripheral device SPD is currently in the detection zone of the wireless communication interface 244 of the electronic control device ECD.
  • An additional condition may be that the secured peripheral device SPD is currently paired (the pairing process is successfully completed) through the wireless communication interface 244 with the electronic control device ECD.
  • An additional condition may be that the secured peripheral device SPD is not in the detection zone of the wireless communication interface 244 of the electronic control device ECD but has left this detection zone less than one hour, one day or any other predefined time period ago, provided that this predefined time period has been configured by the user on the user interface of the software application APP during an operatively active connection between the electronic control device ECD and the secured peripheral device SPD. Any logical combination of these example additional conditions may be used.
  • the software application APP executed on the electronic control device ECD may be configured to send to the secured peripheral device SPD a control message to trigger a communication operation / data access operation through the communication interfaces USB1, USB2 and / or an operation to access to one or more data containers.
  • the control message may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
  • the software application APP is configured to send a lock command to the secured peripheral device SPD through the wireless communication link L3 and the microcontroller(s) MC1, MC2 is (are) configured to interrupt a pending communication operation or pending data access operation upon receipt of a lock command from the software application APP.
  • the lock command may be sent in response to an action performed by the user U1 of the electronic control device ECD on a user interface of the software application APP.
  • the microcontroller(s) MC1, MC2 is (are) configured to interrupt each pending operation (communication operation and / or data access operation) performed through the one or more communication interfaces USB1, USB2 after a predefined time period following detection of an interruption of the communication with the software application APP through the wireless communication link L3.
  • the microcontroller(s) MC1, MC2 is (are) configured to receive, from the software application APP through the communication link L3, a configuration message that sets the duration of this time period.
  • FIG. 3C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
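The additional conditions, the lock command and the link-loss timeout listed above amount to a small access-policy state machine on the secured peripheral device side. The following Go program is an added example written for this page, not code from the patent or from Vandelay: the type SPDGate, its field names and the particular logical combination it evaluates (link L3 active AND paired AND explicit approval of U1 AND (currently in the detection zone OR left it less than the configured grace period ago)) are assumptions chosen for the illustration, and the sample times are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Hypothetical SPD-side gate (example code, not the patent's firmware) for the
// additional conditions above. An operation through USB1 / USB2 is started
// only while the conditions hold; pending operations are interrupted on a
// lock command or once L3 has been lost for longer than the configured delay.
type SPDGate struct {
	linkActive   bool          // communication over L3 with APP is operatively active
	paired       bool          // pairing through interface 244 completed
	inZone       bool          // SPD currently in the detection zone of the ECD
	leftZoneAt   time.Time     // when the SPD last left the detection zone
	gracePeriod  time.Duration // predefined period, configured while L3 was active
	userApproved bool          // explicit authorization given by U1 in the APP

	lostLinkAt  time.Time     // when the interruption of L3 was detected
	linkTimeout time.Duration // duration set by the configuration message
	pending     []string      // operations in progress through USB1 / USB2
	interrupted []string      // operations cut short, for feedback to the APP
}

// Configure applies the configuration message from the APP. It is accepted
// only while L3 is active, as the description requires for the grace period.
func (g *SPDGate) Configure(grace, timeout time.Duration) error {
	if !g.linkActive {
		return fmt.Errorf("configuration refused: link L3 not active")
	}
	g.gracePeriod, g.linkTimeout = grace, timeout
	return nil
}

// Allowed evaluates the assumed combination of conditions at time now.
func (g *SPDGate) Allowed(now time.Time) bool {
	recentlyLeft := !g.leftZoneAt.IsZero() && now.Sub(g.leftZoneAt) < g.gracePeriod
	return g.linkActive && g.paired && g.userApproved && (g.inZone || recentlyLeft)
}

// Start begins an operation only if a control message may be honoured now.
func (g *SPDGate) Start(op string, now time.Time) error {
	if !g.Allowed(now) {
		return fmt.Errorf("operation %q refused by policy", op)
	}
	g.pending = append(g.pending, op)
	return nil
}

// Lock handles the lock command received from the APP over L3.
func (g *SPDGate) Lock() { g.interruptAll() }

// LinkLost records the moment the interruption of L3 was detected.
func (g *SPDGate) LinkLost(now time.Time) {
	g.linkActive = false
	g.lostLinkAt = now
}

// Tick is called periodically by the microcontroller loop: once the configured
// delay has elapsed since L3 was lost, every pending operation is interrupted.
func (g *SPDGate) Tick(now time.Time) {
	if !g.linkActive && !g.lostLinkAt.IsZero() && now.Sub(g.lostLinkAt) >= g.linkTimeout {
		g.interruptAll()
	}
}

func (g *SPDGate) interruptAll() {
	g.interrupted = append(g.interrupted, g.pending...)
	g.pending = nil
}

// Pending and Interrupted report the current counters.
func (g *SPDGate) Pending() int     { return len(g.pending) }
func (g *SPDGate) Interrupted() int { return len(g.interrupted) }

func main() {
	t0 := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed timeline
	g := &SPDGate{linkActive: true, paired: true, inZone: true, userApproved: true}
	_ = g.Configure(10*time.Minute, 30*time.Second)
	fmt.Println(g.Start("copy DPD->EHD", t0))      // <nil>: every condition holds
	g.inZone, g.leftZoneAt = false, t0             // SPD leaves the detection zone
	fmt.Println(g.Allowed(t0.Add(5 * time.Minute)))  // true: within the grace period
	fmt.Println(g.Allowed(t0.Add(11 * time.Minute))) // false: grace period over
	g.LinkLost(t0.Add(1 * time.Minute))
	g.Tick(t0.Add(2 * time.Minute))           // 60 s > 30 s: pending copy interrupted
	fmt.Println(g.Pending(), g.Interrupted()) // 0 1
}
```

Tick only acts after the configured delay, so a brief radio dropout does not abort an in-progress copy, while a sustained loss of the ECD does; Lock interrupts immediately regardless of timers.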
  • the method steps may be implemented respectively by a secured peripheral device SPD, an electronic control device ECD and a remote authentication server RAS according to any embodiment described herein.
  • FIG. 3C shows a method for implementing a challenge-response authentication process between a secured peripheral device SPD and a remote authentication server RAS in accordance with one or more embodiments.
  • the challenge-response authentication process is used to control the integrity of at least one hardware component of the secured peripheral device SPD.
  • the challenge-response authentication process is implemented through the wireless communication link L3 and the software application APP of the electronic control device ECD.
  • the challenge-response authentication process is based on one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD and a device authentication key KA shared by the secured peripheral device SPD and the remote authentication server RAS.
  • Step 320: the software application APP of the electronic control device ECD sends a message M320 to the secured peripheral device SPD to request one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.
  • the secured peripheral device SPD sends a response message M321 to the message M320 received in step 320.
  • the response message M321 includes one or more identifiers SN1, SN2, SN3 identifying one or more hardware components of the secured peripheral device SPD.
  • the response includes three identifiers SN1, SN2, SN3: a serial number SN1 of the microcontroller MC1, a serial number SN2 of the microcontroller MC2 and a serial number SN3 of the memory MEM of the secured peripheral device SPD.
  • Step 322: the software application APP transmits the received identifiers SN1, SN2, SN3 to the remote authentication server RAS and obtains from the remote authentication server RAS a token TK.
  • the token TK is a digital key randomly generated by the remote authentication server RAS.
  • Step 323: the software application APP sends to the secured peripheral device SPD a message M323.
  • the message M323 includes the token received in step 322.
  • Step 324: the secured peripheral device SPD generates a ciphered token TKc by ciphering the received token TK using the device authentication key KA as an encryption key.
  • Step 325: the secured peripheral device SPD sends to the software application APP a message M325 including the ciphered token TKc generated in step 324.
  • the secured peripheral device SPD generates in Step 325 one or more encryption keys KC1, KC2 for ciphering messages (data packets, control messages, response messages, etc.) to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • a symmetric ciphering scheme is used (e.g. AES ciphering, Advanced Encryption Standard).
  • a symmetric ciphering scheme with block ciphering operating mode is used (e.g. Galois/Counter Mode, GCM).
  • the message M325 of step 325 includes the one or more generated encryption keys KC1, KC2.
  • an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2 and is also included in the message M325 of step 325.
  • each encryption key KC1, KC2 is ciphered using the public key KKPUB received from the software application APP before transmission of the encryption key KC1, KC2 to the software application APP and is deciphered by the software application APP using the private key KKPRI corresponding to the public key KKPUB.
  • the secured peripheral device SPD and the software application can now communicate in a secure manner using ciphered messages.
  • all the messages sent between the software application APP and the secured peripheral device SPD after the execution of step 325, including the steps 315-317 (see FIG. 3A) and all steps of the methods described by reference to FIGS. 3C, FIGS. 4A-4C, FIGS. 5A-5B, FIGS. 6A-6B, FIGS. 7A-7C, will be ciphered and deciphered using the one or more encryption keys KC1, KC2.
  • a single encryption key KC1 suitable for symmetric ciphering is generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • the encryption key KC1 is intended to be used by the secured peripheral device SPD (respectively by the software application APP) to cipher messages to be transmitted via the wireless communication link L3 from the secured peripheral device SPD (respectively from the software application APP) to the software application APP (respectively to the secured peripheral device SPD) and to decipher ciphered messages received via the wireless communication link L3 by the secured peripheral device SPD (respectively by the software application APP) from the software application APP (respectively from the secured peripheral device SPD).
  • an initialization vector IV1 is generated for the encryption key KC1.
  • two encryption keys KC1, KC2 suitable for symmetric ciphering are generated for ciphering messages to be transmitted between the secured peripheral device SPD and the software application APP through the wireless communication link L3.
  • the first encryption key KC1 is intended to be used by the secured peripheral device SPD to cipher messages to be transmitted through the wireless communication link L3 from the secured peripheral device SPD to the software application APP and to decipher ciphered messages received through the wireless communication link L3 by the secured peripheral device SPD from the software application APP.
  • the second encryption key KC2 is intended to be used by the software application APP to cipher messages to be transmitted via the wireless communication link L3 from the software application APP to the secured peripheral device SPD and to decipher ciphered messages received via the wireless communication link L3 by the software application APP from the secured peripheral device SPD.
  • an initialization vector IV1, IV2 is generated for each encryption key KC1, KC2.
  • Step 326: the ciphered token received in step 325 is transmitted by the software application APP to the remote authentication server RAS.
  • the encryption keys KC1, KC2 and / or initialization vectors are not transmitted to the remote authentication server RAS but securely stored in the electronic control device ECD, for example in the secure storage tool SS.
  • Any secure storage system may be used, for example a key storage system that is configured to provide access to the stored keys only when the electronic control device ECD is not locked and / or if the user U1 of the electronic control device ECD has provided predetermined authentication data (e.g. PIN code, password, biometric data, etc.).
  • the encryption keys KC1, KC2 and / or initialization vectors are not stored and the Step 325 is executed every time the electronic control device ECD starts a communication with the secured peripheral device SPD.
  • Step 327: the remote authentication server RAS deciphers the ciphered token received in step 326.
  • the ciphering scheme is a symmetric ciphering scheme and the remote authentication server RAS deciphers the ciphered token using the shared device authentication key KA stored in association with the one or more identifiers received in step 322.
  • the deciphered token is compared with the token sent in step 322. In case of equality, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a success of the challenge-response authentication process. If the deciphered token is different from the token sent in step 322, the remote authentication server RAS sends to the software application APP a message M316 (see for example step 316) to indicate a failure of the challenge-response authentication process.
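Steps 320 to 327 above, together with the session key generation of step 325, can be played end to end between a simulated SPD and RAS. The Go program below is an added example written for this page, not code from the patent or from Vandelay. It assumes AES-256-GCM as the symmetric ciphering scheme for the token TK (the description only requires a symmetric scheme with KA as key) and RSA-OAEP as the ciphering of KC1, KC2 with KKPUB; the identifiers SN1..SN3 and the key KA are constructed sample values; the APP is played by the test harness, which forwards messages and unwraps the session keys with KKPRI via rsa.DecryptOAEP. The RAS consumes each token after one verification, so a ciphered token replayed in a later session is rejected.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample values (not from the patent): identifiers SN1..SN3 of the
// SPD components and the device authentication key KA known to SPD and RAS.
var (
	sampleSN = [3]string{"MC1-000123", "MC2-000456", "MEM-000789"}
	sampleKA = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal ciphers pt under key with a fresh nonce prepended (GCM must never reuse one).
func gcmSeal(key, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, aead.Seal(nil, nonce, pt, nil)...), nil
}

// gcmOpen reverses gcmSeal; a wrong key or a modified message is rejected.
func gcmOpen(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil || len(msg) < aead.NonceSize() {
		return nil, fmt.Errorf("bad key or message")
	}
	n := aead.NonceSize()
	return aead.Open(nil, msg[:n], msg[n:], nil)
}

// RAS stores KA per set of identifiers and remembers the token TK it issued.
type RAS struct {
	keys   map[[3]string][]byte
	issued map[[3]string][]byte
}

// IssueToken is step 322: a random token, for registered identifiers only.
func (r *RAS) IssueToken(sn [3]string) ([]byte, error) {
	if _, ok := r.keys[sn]; !ok {
		return nil, fmt.Errorf("unknown hardware identifiers")
	}
	tk := make([]byte, 32)
	if _, err := rand.Read(tk); err != nil {
		return nil, err
	}
	r.issued[sn] = tk
	return tk, nil
}

// Verify is step 327: decipher TKc with the KA stored for these identifiers
// and compare with the issued TK. The token is single use (replay fails).
func (r *RAS) Verify(sn [3]string, tkc []byte) bool {
	tk, ok := r.issued[sn]
	delete(r.issued, sn)
	plain, err := gcmOpen(r.keys[sn], tkc)
	return ok && err == nil && bytes.Equal(plain, tk)
}

// SPD holds SN1..SN3 and KA; KA itself is never sent over L3.
type SPD struct {
	sn [3]string
	ka []byte
}

// CipherToken is step 324: TKc = AES-GCM(KA, TK), carried by message M325.
func (s *SPD) CipherToken(tk []byte) ([]byte, error) { return gcmSeal(s.ka, tk) }

// SessionKeys is the key generation of step 325: KC1 (SPD-to-APP direction) and
// KC2 (APP-to-SPD direction), each wrapped with the public key KKPUB of the APP.
func (s *SPD) SessionKeys(pub *rsa.PublicKey) (kc, wrapped [2][]byte, err error) {
	for i := range kc {
		kc[i] = make([]byte, 32)
		if _, err = rand.Read(kc[i]); err != nil {
			return
		}
		if wrapped[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kc[i], nil); err != nil {
			return
		}
	}
	return
}
```

Because gcmSeal draws a fresh random nonce per message, the "initialization vector" of the description is carried inside every message here rather than agreed once; with a single fixed IV1 per key, a real implementation must instead derive a distinct nonce per message (for instance from IV1 and a message counter), since two GCM messages under the same key and nonce break confidentiality and integrity.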
  • FIG. 4A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic host device EHD using an electronic control device ECD in accordance with one or more embodiments.
  • the multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for providing access to a data container is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
  • step 330: a user interface of the software application APP is presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened.
  • the list of data containers is built by the secured peripheral device SPD and sent to the software application APP.
  • the list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container.
  • the identification may be a name, for example "private", "company1", "company2".
  • the user U1 selects one or more data containers. For example, it is assumed that the user U1 selects a first data container P1.
  • the software application APP sends a control message M331 to the secured peripheral device SPD to request the opening of the selected first data container P1.
  • the message M331 may include an identifier of the selected first data container P1.
  • the message M331 may include a start address and an end address of the data container.
  • the message M331 may include the encryption key KP1 associated with the data container P1.
  • the identifier may be the name of the data container or a corresponding logical identifier allocated to the selected first data container P1 by the secured peripheral device SPD.
  • the message M331 is an example of a predetermined control message sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container P1.
  • in step 331, when the selected first data container P1 is ciphered, the software application APP provides to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
  • the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container P1 and retrieved by the software application APP.
  • the control message M331 includes the encryption key KP1.
  • step 332: the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD and deciphers the identified data container P1 using the received encryption key KP1. If the selected first data container P1 does not exist, an error message is sent by the secured peripheral device SPD to the software application APP. In case wrong start and / or end addresses of the data container have been received by the secured peripheral device SPD, the secured peripheral device SPD will not be able to read / interpret the deciphered data of the data container due to deciphering errors. Once the data container has been deciphered, the secured peripheral device SPD extracts descriptive data of the content of the data container: file names, file sizes, folder names, etc. If the selected data container exists and no deciphering error is detected, step 333 is executed.
  • step 333: the secured peripheral device SPD mounts a file system for the selected first data container P1 and sends descriptive data of the mounted file system to the electronic host device EHD through the communication link L1 to provide access to the data files stored in the selected data container from the electronic host device EHD.
  • the descriptive data of the content of the data container are sent to the software application APP through the communication link L3.
  • the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1 before mounting the file system.
  • step 334: in case of success of the mounting operation of step 333, the data container is now opened and may be accessed. For example, the data files stored in the selected first data container may be viewed and accessed from the electronic host device EHD. Further, in case of failure of the mounting operation, an error message M334 is sent by the secured peripheral device SPD to the software application APP.
  • a LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1 regarding the success or failure of the opening of the data container. For example, in case of success of the opening, a LED of the secured peripheral device SPD may be switched on to provide feedback to the user U1.
  • step 335: in case of success of the mounting operation of step 333, a message M335 is sent by the secured peripheral device SPD to the software application APP to indicate that the selected first data container P1 has been successfully mounted and may be accessed from the electronic host device EHD and / or from the electronic control device ECD.
  • a list of data files stored in the selected first data container P1 is sent to the software application APP.
  • step 336: upon receipt of the message M335, the software application APP displays an information message M336 to inform the user U1 of the success of the opening of the selected first data container P1.
  • the first data container P1 is now opened, i.e. the content of this data container may be accessed.
  • a list of data files and / or file folders stored in the selected first data container P1 is displayed on a user interface of the software application APP.
  • the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or the content of the opened first data container P1 (i.e.
  • the triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc.
  • the triggered operation may be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc.
  • a control message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the mounted file system according to a result of the specified operation and provides feedback to the software application APP.
  • Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP.
  • the feedback may include updated information on the content of the opened first data container P1.
  • the user interface of the software application APP is configured to provide feedback to the user U1 on the operations performed on the mounted file system from the electronic host device EHD. For example, if data files are added to the opened data container, the added data files are shown in the user interface of the software application APP.
  • FIG. 4B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4B shows a method for deleting one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments.
  • the multifunction communication interface USB1 is assumed to be a USB interface.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for deleting one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C).
  • the method for deleting a data container is performed (and possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for deleting one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2.
  • Step 340: a user interface of the software application APP is presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be deleted.
  • the user U1 performs an action on the user interface of the software application APP to request deletion of one or more selected data containers of the secured peripheral device SPD. For example, the user U1 selects a second data container P2.
  • Step 341: the software application APP is configured to display an information message to invite the user U1 to perform a back-up of the data stored in the selected data containers.
  • the selected second data container P2 is assumed to be opened, for example according to the method for providing access to a data container described by reference to FIG. 4A.
  • a file system for the selected second data container P2 has been mounted to provide access to the data files stored in the selected second data container P2 from the electronic host device EHD.
  • Step 342: the user U1 may perform a back-up of the data stored in the selected second data container P2, for example by copying all data files and / or file folders from the secured peripheral device SPD to the electronic host device EHD.
  • Step 343: the software application APP is configured to display an information message to invite the user U1 to perform an action to confirm completion of the back-up.
  • Step 344: upon receipt of the confirmation of the user U1, the software application APP is configured to send a message M344 to the secured peripheral device SPD to request the deletion of the selected second data container P2.
  • Step 345: the software application APP is configured to display an information message to inform the user U1 that the deletion process is in progress.
  • Step 346: upon receipt of the message M344, the secured peripheral device SPD is configured to unmount the file system mounted for the selected second data container P2 and to delete the selected second data container P2.
  • access to the selected second data container P2 is no longer possible from the electronic host device EHD.
  • Step 347: all associated data (e.g. partition table, file indexes, memory blocks and / or randomly written blocks, encryption keys, etc.) stored in the memory MEM of the secured peripheral device SPD are deleted to avoid any further recovery.
  • the secured peripheral device SPD is configured to send a message M348 to inform the software application of the completion of the deletion.
  • the secured peripheral device SPD is configured to send to the software application APP the identifier(s) of the deleted data container(s).
  • the software application APP is configured to delete the encryption key KP2 associated with the deleted data container(s).
  • the software application APP is configured to display an information message to inform the user U1 of the completion of the deletion process.
  • FIG. 4C represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and an electronic host device EHD according to any embodiment described herein.
  • the steps of the method are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 4C shows a method for creating one or more data containers of the secured peripheral device SPD in accordance with one or more embodiments.
  • the multifunction communication interface USB1 is assumed to be a USB interface.
  • the electronic host device EHD is assumed to be operatively connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD.
  • the method for creating one or more data containers is performed only if the pairing process and the challenge-response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for creating a data container is performed (and possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3. In one or more embodiments, the method for creating one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • the software application APP is configured to allow the user U1 to create one or more data containers.
  • a user interface of the software application APP may for example be presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD may be presented to the user U1.
  • the user U1 performs an action on the user interface of the software application APP to request creation of one or more data containers in the secured peripheral device SPD.
  • the software application APP is configured to receive input data from the user U1 specifying a new data container P3 to be created.
  • the input data may include an identification (e.g. a name) and / or parameters (e.g. size of the container) of the data container P3 to be created.
  • Step 352: the software application APP is configured to send a message M352 to the secured peripheral device SPD to request the creation of a new data container P3.
  • the message M352 may include the identification and / or the parameters (e.g. address of the start and stop memory blocks) of the data container to be created.
  • upon receipt of the message M352, the secured peripheral device SPD is configured to create a new data container P3.
  • the new data container is created in accordance with the received identification and / or the parameters.
  • if the new data container P3 has to be ciphered, the secured peripheral device SPD is configured to generate an encryption key KP3 associated with the new data container P3.
  • the secured peripheral device SPD is configured to mount a file system for the new data container P3 and to send descriptive data of the mounted file system to the electronic host device EHD in order to provide access to the new data container P3 from the electronic host device EHD.
  • the secured peripheral device SPD is configured to send a message M354 to inform the software application APP of the completion of the creation of the new data container P3.
  • the secured peripheral device SPD is configured to send to the software application APP the encryption key KP3 associated to the new data container.
  • Step 355: the software application APP is configured to inform the user U1 of the creation of the new data container P3.
  • the software application APP is configured to store the encryption key KP3 associated to the new data container P3.
  • the software application APP is configured to store the associated encryption key KP3 in the secure storage tool SS.
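The three container procedures of FIGS. 4A, 4B and 4C (open with existence, address and deciphering checks; delete with unmount, overwrite and key removal; create with key generation and key hand-over to the APP) can be modelled together on a small in-memory image of MEM. The Go program below is an added example written for this page, not code from the patent or from Vandelay. Its assumptions: the container is ciphered with AES-256-CTR under KP (the description does not fix the scheme for containers) and starts with a constructed header (magic bytes plus the container length) whose mismatch is what "deciphering error" means here, so a wrong key, a wrong start address or a wrong end address are all rejected; CTR alone gives no integrity, so a production design would add authentication of the container data. The SPD, APP, container and randomBytes names are chosen for the illustration, and the memory layout in the test is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Constructed model (example code, not the patent's firmware) of the memory MEM
// of the SPD, its table of data containers 223 and the secure storage tool SS.
const blockSize = 512
var magic = []byte("SPDC") // header of a correctly deciphered container

type container struct {
	start, end int    // byte addresses in mem (start inclusive, end exclusive)
	iv         []byte // per-container IV kept in clear next to the table entry
}

type SPD struct {
	mem        []byte
	containers map[string]*container // identifier -> container
}

type APP struct{ ss map[string][]byte } // secure storage tool SS: identifier -> KP
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: a real firmware would refuse to continue
	}
	return b
}

// xorCTR ciphers or deciphers data with AES-CTR under kp (assumed scheme).
func xorCTR(kp, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(kp)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// Create is FIG. 4C steps 352-355: allocate, generate KP, cipher, hand KP to APP.
func (s *SPD) Create(app *APP, name string, start, nBlocks int) error {
	end := start + nBlocks*blockSize
	if _, dup := s.containers[name]; dup || start < 0 || nBlocks <= 0 || end > len(s.mem) || start%blockSize != 0 {
		return fmt.Errorf("invalid container parameters")
	}
	for id, c := range s.containers { // a new container must not overlap another
		if start < c.end && c.start < end {
			return fmt.Errorf("overlaps container %q", id)
		}
	}
	kp, iv := randomBytes(32), randomBytes(aes.BlockSize)
	plain := make([]byte, end-start) // header: magic + container length
	copy(plain, magic)
	binary.BigEndian.PutUint32(plain[4:8], uint32(end-start))
	ct, err := xorCTR(kp, iv, plain)
	if err != nil {
		return err
	}
	copy(s.mem[start:end], ct)
	s.containers[name] = &container{start: start, end: end, iv: iv}
	app.ss[name] = kp // M354: KP3 returned to the APP, stored in SS (step 355)
	return nil
}

// Open is FIG. 4A step 332: M331 carries identifier, addresses and KP.
func (s *SPD) Open(name string, start, end int, kp []byte) ([]byte, error) {
	c, ok := s.containers[name]
	if !ok {
		return nil, fmt.Errorf("container %q does not exist", name)
	}
	if start < 0 || end > len(s.mem) || end-start < 8 {
		return nil, fmt.Errorf("addresses out of range")
	}
	plain, err := xorCTR(kp, c.iv, s.mem[start:end])
	if err != nil || !bytes.HasPrefix(plain, magic) ||
		binary.BigEndian.Uint32(plain[4:8]) != uint32(end-start) {
		return nil, fmt.Errorf("deciphering error") // wrong key or wrong addresses
	}
	return plain, nil // step 333 would now mount a file system on this data
}

// Delete is FIG. 4B steps 346-347: unmount, overwrite the blocks, forget KP.
func (s *SPD) Delete(app *APP, name string) error {
	c, ok := s.containers[name]
	if !ok {
		return fmt.Errorf("container %q does not exist", name)
	}
	copy(s.mem[c.start:c.end], randomBytes(c.end-c.start)) // randomly written blocks
	delete(s.containers, name)
	delete(app.ss, name) // APP deletes the encryption key of the deleted container
	return nil
}
```

A wrong start address shifts the ciphertext against the CTR keystream, so the header no longer deciphers to the magic bytes; a wrong end address leaves the magic intact but contradicts the stored length. After Delete, the same M331 request fails both because the table entry is gone and because the blocks now hold random data and the APP no longer has KP.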
  • the electronic host device EHD is connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD is connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • a first communication protocol (e.g. the USB protocol) and a second communication protocol (e.g. the SPI protocol, a serial protocol) are used by the two microcontrollers MC1, MC2 of the secured peripheral device SPD.
  • Data access operations may then be performed to copy one or more data files from the data storage peripheral device DPD to the electronic host device EHD or from the electronic host device EHD to the data storage peripheral device DPD through the two microcontrollers MC1, MC2.
  • the architecture of secured peripheral device SPD prohibits direct transfers from USB female port to male USB port or vice versa.
  • a protocol break (e.g. a translation of protocol from the first communication protocol to the second communication protocol or vice-versa) is implemented by the two microcontrollers MC1, MC2 of the secured peripheral device SPD for processing commands and transmitting data from the data storage peripheral device DPD to the electronic host device EHD or, respectively, from the electronic host device EHD to the data storage peripheral device DPD.
  • the protocol translation performed by the two microcontrollers MC1, MC2 does not alter the content of the initial message sent, but only converts the format of the initial message to another format complying with the second communication protocol.
  • the two microcontrollers MC1, MC2 are configured to apply the protocol conversion only to predefined USB messages that are used to implement data block copy through a USB connection.
  • a hardware barrier is implemented by the two microcontrollers MC1, MC2 preventing malicious messages / commands from being transmitted to and processed by the data storage peripheral device DPD or the electronic host device EHD.
  • the transmitted data may additionally be filtered by the electronic host device EHD by means of an antivirus program before being sent to the secured peripheral device SPD or upon receipt from the secured peripheral device SPD.
  • the data files stored in the data storage peripheral device DPD are accessible to the second microcontroller MC2 through a first file system.
  • the second microcontroller MC2 is configured to transmit to the first microcontroller MC1 the descriptive data of the first file system by means of the SPI protocol.
  • the first microcontroller MC1 is configured to generate on the basis of the descriptive data a second file system imaging the first file system and to provide to the electronic host device EHD access to the storage space and data files of the data storage peripheral device DPD through the second file system.
  • the microcontrollers MC1 and MC2 are configured to implement only read and write operations on memory blocks using the first and second file systems. Example embodiments will be presented below by reference to FIGS. 5A and 5B.
  • FIG. 5A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein.
  • FIG. 5A shows a method for reading data stored on a data storage peripheral device DPD from an electronic host device EHD in accordance with one or more embodiments.
  • the multifunction communication interfaces USB1, USB2 are assumed to be USB interfaces.
  • the electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • the steps of the method for reading data stored on a data storage peripheral device are performed respectively by the software application APP of the electronic control device ECD and by the microcontrollers MC1 and MC2 as indicated below.
  • the steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.
  • the method for reading data is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for reading data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • Steps 360-365 may be performed for each reading operation.
  • a reading operation may concern user data (e.g. one or more data files) to be read and transferred from the data storage peripheral device DPD to the electronic host device EHD.
  • In step 360, the electronic host device EHD initiates the reading operation by sending a first USB message M360 including a reading command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol.
  • Parameters of the reading command may include an address of a buffer to which the user data have to be transferred and the identification of the documents to be read.
  • In step 361, the microcontroller MC1 initiates a SPI communication with the microcontroller MC2.
  • a master/slave relationship is defined in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave.
  • the microcontroller MC1 converts (protocol translation) the first USB message M360 into a SPI message M361 including the reading command and transmits the SPI message M361 to the microcontroller MC2.
  • In step 362, the microcontroller MC2 receives the SPI message M361 and converts (protocol translation) the SPI message into a second USB message M362 including the reading command and transmits the second USB message M362 to the data storage peripheral device DPD.
  • In step 363, the microcontroller MC2 sends a confirmation message M363 to the microcontroller MC1 to confirm the transmission of the second USB message M362.
  • In step 364, the microcontroller MC1 terminates the SPI communication with the microcontroller MC2.
  • In step 365, the data storage peripheral device DPD executes the reading command and inserts the read user data into the specified buffer.
  • In step 366, the data storage peripheral device DPD sends a first USB response message M366 to inform the microcontroller MC2 of the completion of the insertion of the read user data into the specified buffer.
  • In step 367, the microcontroller MC2 initiates another SPI communication with the microcontroller MC1.
  • the microcontroller MC2 is the master and the microcontroller MC1 is the slave for this SPI communication.
  • the microcontroller MC2 converts (protocol translation) the first USB response message M366 into a SPI response message M367 and transmits the SPI response message M367 to the microcontroller MC1.
  • the microcontroller MC2 terminates the SPI communication with the microcontroller MC1.
  • In step 368, the microcontroller MC1 converts (protocol translation) the SPI response message M367 into a second USB response message M368 and transmits the second USB response message M368 to the electronic host device EHD.
  • In step 369, the electronic host device EHD accesses the specified buffer and extracts the read user data from it.
  • FIG. 5B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD), a data storage peripheral device DPD and an electronic host device EHD according to any embodiment described herein.
  • the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIG. 5B shows a method for writing data from an electronic host device EHD to a data storage peripheral device DPD in accordance with one or more embodiments.
  • the electronic host device EHD is assumed to be connected to the first multifunction communication interface USB1 (e.g. male USB port) of the secured peripheral device SPD and the data storage peripheral device DPD to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • the method for writing data is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for writing data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • Steps 370-377 may be performed for each writing operation.
  • a writing operation may concern user data (e.g. one or more data files) to be written and transferred from the electronic host device EHD to the data storage peripheral device DPD.
  • In step 370, the electronic host device EHD initiates the writing operation by sending through the communication link L3 a first USB message M370 including a writing command to the microcontroller MC1 through the first multifunction communication interface USB1 in accordance with the USB protocol.
  • Parameters of the writing command may include an address of a buffer from which the user data have to be transferred and the identification of the documents to be written.
  • In step 371, the microcontroller MC1 initiates a SPI communication with the microcontroller MC2 in which the microcontroller MC1 is the master and the microcontroller MC2 is the slave.
  • the microcontroller MC1 converts (protocol translation) the first USB message M370 into a SPI message M371 including the writing command and transmits the SPI message M371 to the microcontroller MC2.
  • In step 372, the microcontroller MC2 receives the SPI message M371 and converts (protocol translation) the SPI message M371 into a second USB message M372 including the writing command and transmits the second USB message M372 to the data storage peripheral device DPD.
  • the data storage peripheral device DPD executes the writing command.
  • the execution may include extracting the user data from the specified buffer to copy them in the internal memory of the data storage peripheral device DPD and then writing the user data to the permanent memory of the data storage peripheral device DPD.
  • In step 374, the data storage peripheral device DPD sends a first USB response message M374 to inform the microcontroller MC2 of the completion of the transfer of the user data.
  • In step 375, the microcontroller MC2 converts (protocol translation) the first USB response message M374 into a SPI response message M375 and transmits the SPI response message M375 to the microcontroller MC1.
  • the microcontroller MC2 terminates the SPI communication with the microcontroller MC1.
  • In step 376, the microcontroller MC1 converts (protocol translation) the SPI response message M375 into a second USB response message M376 and transmits the second USB response message M376 to the electronic host device EHD.
  • In step 377, the electronic host device EHD terminates the writing operation.
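The protocol break of FIGS. 5A and 5B, modelled as an added example (this is not code from the patent): MC1 translates only the predefined block read / write messages into SPI frames, MC2 rebuilds the USB message for the DPD, and the response travels back the same way, so any other USB message is dropped at MC1 and never reaches the DPD. The opcodes, the SPI frame layout and the block size are assumptions made here.

```python
"""Constructed model of the USB -> SPI -> USB protocol break in the SPD.

The host EHD (on USB1) never talks to the storage device DPD (on USB2)
directly: MC1 converts the USB message into an SPI frame, MC2 converts the
frame back into a USB message, and only the predefined block read / write
messages are translated.  Opcodes, frame layout and block size are assumptions.
"""
from __future__ import annotations
from dataclasses import dataclass
import struct

BLOCK_SIZE = 512                                            # assumption
READ_BLOCKS, WRITE_BLOCKS = 0x01, 0x02                      # host -> DPD commands (constructed)
READ_DONE, WRITE_DONE, STATUS_ERROR = 0x81, 0x82, 0xFF      # DPD -> host responses (constructed)
HOST_TO_DPD = frozenset({READ_BLOCKS, WRITE_BLOCKS})        # allow-list applied by MC1
DPD_TO_HOST = frozenset({READ_DONE, WRITE_DONE, STATUS_ERROR})  # allow-list applied by MC2
SPI_HEADER = ">BIHI"   # opcode, first block (LBA), block count, payload length


@dataclass(frozen=True)
class UsbMessage:
    """A USB command (M360, M370) or response (M366, M374) as seen on USB1 / USB2."""
    opcode: int
    lba: int = 0
    count: int = 0
    payload: bytes = b""


class ProtocolBreakError(Exception):
    """Raised when a message is not one of the predefined messages and is dropped."""


def usb_to_spi(msg: UsbMessage, allowed: frozenset[int]) -> bytes:
    """Protocol translation USB -> SPI (steps 361/371 in MC1, 367/375 in MC2).

    Only the format changes: opcode, block range and payload are carried
    unaltered.  Anything outside the allow-list is refused before translation.
    """
    if msg.opcode not in allowed:
        raise ProtocolBreakError(f"opcode 0x{msg.opcode:02x} is not translated")
    if msg.opcode == WRITE_BLOCKS and len(msg.payload) != msg.count * BLOCK_SIZE:
        raise ProtocolBreakError("write payload length does not match block count")
    return struct.pack(SPI_HEADER, msg.opcode, msg.lba, msg.count, len(msg.payload)) + msg.payload


def spi_to_usb(frame: bytes, allowed: frozenset[int]) -> UsbMessage:
    """Protocol translation SPI -> USB (steps 362/372 in MC2, 368/376 in MC1)."""
    opcode, lba, count, n = struct.unpack_from(SPI_HEADER, frame)
    payload = frame[struct.calcsize(SPI_HEADER):]
    if opcode not in allowed or len(payload) != n:
        raise ProtocolBreakError("malformed or disallowed SPI frame")
    return UsbMessage(opcode, lba, count, payload)


class StorageDevice:
    """Stand-in for the DPD: a flat block array plus a log of every opcode it received."""

    def __init__(self, blocks: int) -> None:
        self.mem = bytearray(blocks * BLOCK_SIZE)
        self.received: list[int] = []

    def execute(self, cmd: UsbMessage) -> UsbMessage:
        self.received.append(cmd.opcode)
        start, end = cmd.lba * BLOCK_SIZE, (cmd.lba + cmd.count) * BLOCK_SIZE
        if end > len(self.mem):
            return UsbMessage(STATUS_ERROR)
        if cmd.opcode == READ_BLOCKS:                       # step 365: read into the buffer
            return UsbMessage(READ_DONE, cmd.lba, cmd.count, bytes(self.mem[start:end]))
        self.mem[start:end] = cmd.payload                   # writing command of FIG. 5B
        return UsbMessage(WRITE_DONE, cmd.lba, cmd.count)


class SecuredPeripheralDevice:
    """MC1 + MC2 with the DPD plugged into USB2."""

    def __init__(self, dpd: StorageDevice) -> None:
        self.dpd = dpd

    def handle(self, host_msg: UsbMessage) -> UsbMessage:
        """Full round trip of FIG. 5A / 5B: EHD -> MC1 -> MC2 -> DPD -> MC2 -> MC1 -> EHD."""
        frame = usb_to_spi(host_msg, HOST_TO_DPD)           # MC1 as SPI master (361 / 371)
        dpd_cmd = spi_to_usb(frame, HOST_TO_DPD)            # MC2 rebuilds the USB message (362 / 372)
        dpd_resp = self.dpd.execute(dpd_cmd)                # DPD answers with M366 / M374
        resp_frame = usb_to_spi(dpd_resp, DPD_TO_HOST)      # MC2 as SPI master (367 / 375)
        return spi_to_usb(resp_frame, DPD_TO_HOST)          # MC1 emits M368 / M376 to the EHD


def demo() -> tuple[bytes, list[int]]:
    """Write two blocks, read them back, then send a non-block command that MC1 must drop."""
    spd = SecuredPeripheralDevice(StorageDevice(blocks=8))
    data = bytes(range(256)) * 4                            # constructed two-block payload
    assert spd.handle(UsbMessage(WRITE_BLOCKS, lba=3, count=2, payload=data)).opcode == WRITE_DONE
    read_back = spd.handle(UsbMessage(READ_BLOCKS, lba=3, count=2)).payload
    try:
        spd.handle(UsbMessage(0xC1, payload=b"\xde\xad"))   # constructed non-block command
    except ProtocolBreakError:
        pass
    return read_back, list(spd.dpd.received)


if __name__ == "__main__":
    read_back, seen = demo()
    print(len(read_back), "bytes read back; opcodes seen by the DPD:", [hex(o) for o in seen])
```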
  • FIG. 6A represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein.
  • the steps are performed under control of the software application APP that communicates by means of messages with the microcontroller MC1 through the communication link L3.
  • FIG. 6A shows a method for providing access to one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments.
  • the method for providing access to a data container is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
  • the method for providing access to a data container is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for providing access to a data container is performed (and is possible) only if the secured peripheral device has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container(s) P1, P2, P3 to be accessed.
  • In step 610, a user interface of the software application APP is presented to the user U1.
  • a list of one or more data containers 223 existing in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to select one or more data containers to be opened and accessed.
  • the list of data containers is built by the secured peripheral device SPD and sent to the software application APP.
  • the list of data containers shows only an identification of each data container, but not the content (i.e. data files and / or file folders) of each data container.
  • the identification may be a name, for example "private", "company1", "company2".
  • the user U1 selects one or more data containers to be opened. For example, it is assumed that the user U1 selects a first data container P1.
  • the software application APP sends a control message M611 to the secured peripheral device SPD to request the opening of the selected first data container Pl.
  • the message M611 may include an identifier of the selected first data container P1.
  • the control message M611 may include a start address and an end address of the data container.
  • the control message M611 may include the encryption key KP1 associated with the data container Pl.
  • the control message M611 is an example of a predetermined control message to be sent by the software application APP before the secured peripheral device SPD starts providing access to the selected first data container Pl.
  • when the selected first data container P1 is ciphered, the software application APP provides in step 611 to the secured peripheral device SPD an associated encryption key KP1 to be used by the secured peripheral device SPD to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
  • the encryption key KP1 is stored in the secure storage tool SS (see FIG. 2B) in association with an identifier of the selected first data container Pl and retrieved by the software application APP.
  • the control message M611 includes the encryption key KP1.
  • In step 612, the secured peripheral device SPD checks whether the selected first data container P1 exists in the memory MEM of the secured peripheral device SPD. If the selected first data container P1 does not exist, an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening operation.
  • the secured peripheral device SPD uses the received encryption key KP1 to decipher the selected first data container P1 and / or the data files stored in the selected first data container P1.
  • in case of deciphering errors, the secured peripheral device SPD will not be able to read / interpret the deciphered data in the data container, and an error message is sent in step 612 by the secured peripheral device SPD to the software application APP to terminate the opening process. Otherwise, in case of success of the opening of the data container, a response message is sent in step 612 to the software application APP to indicate a success of the opening operation and step 613 is executed.
  • an LED of the secured peripheral device SPD may be switched on / off to provide feedback to the user U1 regarding the success or failure of the opening operation.
  • In step 613, the software application APP sends a control message to the secured peripheral device SPD to request descriptive data of the opened data container.
  • the secured peripheral device SPD extracts from the deciphered data container descriptive data of the content of the data container: e.g. file names, file sizes, folder names, etc.
  • the descriptive data of content of the data container are sent to the software application APP through the communication link L3.
  • In step 615, upon receipt of the descriptive data, the software application APP displays an information message to inform the user U1 of the success of the opening of the selected first data container P1.
  • the first data container P1 is now opened, i.e. the content of this data container may be accessed.
  • a list of data files and / or one or more file folders stored in the selected first data container Pl is displayed on a user interface of the software application APP. For example, a list of data files stored in the root folder of the data container is displayed.
  • the user interface of the software application APP is configured to allow the user U1 to trigger the execution of one or more operations on the opened first data container P1 and / or the content of the opened first data container P1 (i.e. on the data files and / or file folders stored in the opened first data container P1).
  • the triggered operation may be any operation on a data file including: opening a data file, editing a data file, copying a data file, deleting a data file, moving a data file, renaming a data file, creating a new file, managing read/write rights, etc.
  • the triggered operation may also be any operation on a file folder including: opening a file folder, deleting a file folder, moving a file folder, renaming a file folder, creating a new folder, managing read/write rights, etc.
  • a message is sent by the software application APP to the secured peripheral device SPD to trigger a specified operation, then the secured peripheral device SPD executes the specified operation, amends the deciphered data container according to a result of the specified operation and provides feedback to the software application APP. Feedback on the result of the specified operation may then be provided to the user U1 through a user interface of the software application APP.
  • the feedback may include updated information on the content of the opened first data container P1.
  • FIG. 6B represents a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD) and an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) according to any embodiment described herein.
  • the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
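Steps 611-615 of FIG. 6A as an added example, not code from the patent: the SPD checks that the requested container exists, deciphers it with the received key KP1, verifies that the result is readable, and answers with an error or with descriptive data only (names and sizes, never file bodies). The page names neither a cipher nor a container layout, so the encrypt-then-MAC scheme built from hashlib / hmac and the JSON catalogue used here are assumptions.

```python
"""Constructed model of opening a data container of the SPD (FIG. 6A, steps 611-615).

Control message M611 carries the container identifier and its key KP1.  The
SPD checks existence, deciphers, checks that the content is interpretable and
returns either an error (step 612) or the descriptive data (step 614).  The
cipher (a toy encrypt-then-MAC from hashlib / hmac) and the container layout
(a JSON catalogue of file names and hex-encoded bodies) are assumptions.
"""
from __future__ import annotations
import hashlib
import hmac
import json
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stream cipher: concatenated SHA-256(enc_key || nonce || counter) blocks."""
    blocks = (hashlib.sha256(enc_key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def _subkeys(kp: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the container key KP."""
    return hashlib.sha256(b"enc" + kp).digest(), hashlib.sha256(b"mac" + kp).digest()


def seal(kp: bytes, plaintext: bytes) -> bytes:
    """Cipher a container: nonce || ciphertext || HMAC-SHA256 over nonce||ciphertext."""
    enc_key, mac_key = _subkeys(kp)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(kp: bytes, blob: bytes) -> bytes | None:
    """Decipher a container; None means wrong key or altered data (a deciphering error)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(kp)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class SecuredPeripheralDevice:
    """Memory MEM holding ciphered containers; deciphered content is kept only while opened."""

    def __init__(self) -> None:
        self.mem: dict[str, bytes] = {}
        self.opened: dict[str, dict[str, bytes]] = {}
        self.led_on = False

    def store_container(self, ident: str, kp: bytes, files: dict[str, bytes]) -> None:
        """Helper to populate MEM for the example (container creation is not part of FIG. 6A)."""
        catalogue = {name: body.hex() for name, body in files.items()}
        self.mem[ident] = seal(kp, json.dumps(catalogue).encode())

    def list_containers(self) -> list[str]:
        """Step 610: only identifiers are shown, never the content."""
        return sorted(self.mem)

    def open_container(self, m611: dict) -> dict:
        """Steps 612-614 for control message M611 = {'container': id, 'key': KP1}."""
        ident, kp = m611["container"], m611["key"]
        self.led_on = False
        if ident not in self.mem:                           # step 612: existence check
            return {"status": "error", "reason": "unknown container"}
        plain = unseal(kp, self.mem[ident])
        if plain is None:                                   # step 612: deciphering error
            return {"status": "error", "reason": "deciphering error"}
        try:
            files = {n: bytes.fromhex(h) for n, h in json.loads(plain).items()}
        except (ValueError, AttributeError):                # deciphered but not interpretable
            return {"status": "error", "reason": "unreadable content"}
        self.opened[ident] = files
        self.led_on = True                                  # LED feedback on success
        # step 614: descriptive data only (names and sizes), not the file bodies
        return {"status": "ok", "descriptive_data": [(n, len(b)) for n, b in files.items()]}


# Constructed sample: two containers, each with its own key
SPD = SecuredPeripheralDevice()
KP1, KP2 = secrets.token_bytes(32), secrets.token_bytes(32)
SPD.store_container("private", KP1, {"notes.txt": b"hello", "photo.jpg": bytes(1024)})
SPD.store_container("company1", KP2, {"report.pdf": bytes(4096)})

if __name__ == "__main__":
    print(SPD.list_containers())
    print(SPD.open_container({"container": "private", "key": KP1}))
    print(SPD.open_container({"container": "private", "key": KP2}))
```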
  • FIG. 6B shows a method for performing an operation on one or more data containers of the secured peripheral device SPD from an electronic control device ECD in accordance with one or more embodiments.
  • the method for performing an operation on one or more data containers is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
  • the method for performing an operation on one or more data containers is performed only if the pairing process and the challenge response authentication process were both successfully completed (see FIGS. 3B and 3C). In one or more embodiments, the method for performing an operation on one or more data containers is performed (and is possible) only if the secured peripheral device SPD has received from the electronic control device ECD the encryption key KP1, KP2, KP3 associated with the data container P1, P2, P3 and the data container has been opened using for example the method steps 610-612 described by reference to FIG. 6A.
  • a user interface of the software application APP is presented to the user U1.
  • the content of one or more data containers in the memory MEM of the secured peripheral device SPD is presented to the user U1 to allow him to trigger one or more operations to perform on this content.
  • the user U1 performs a predefined action on the user interface of the software application APP to trigger the execution of the one or more operations.
  • the operation may be, for example, the opening of a folder of the data container, a change in the access rights (read / write rights) on one or more data files, a deletion of a data file, a deletion of a data folder, a copy of one or more selected data files, etc.
  • In step 621, the software application APP sends a control message M620 to trigger the execution of the one or more operations.
  • In step 622, the secured peripheral device SPD executes the one or more operations specified by the control message M620.
  • the secured peripheral device SPD is configured to send a message to inform the software application APP of the completion of the one or more operations.
  • the user interface of the software application APP is updated to show the result of the one or more operations. For example, an updated list of data files stored in one or more folders of the data container is displayed.
  • the secured peripheral device SPD may be used as a self-powered peripheral device that integrates all hardware and software modules to provide a standalone, compact and ergonomic solution for managing the interface between the electronic control device ECD and the external data storage device.
  • the electronic control device ECD may be, e.g., a smartphone, a laptop, a personal data assistant, or any portable device.
  • the electronic control device ECD itself is not impacted by the transfer of the data files which remain in the secured environment of the self-powered peripheral device used as an intermediate storage device.
  • the use of the electronic control device ECD to control the access operations is advantageous from a user point of view because it is possible to present various, long and complex types of information on the electronic control device ECD.
  • the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more first control messages comprising first instructions for instructing the self-powered peripheral device SPD to access a file system of the data storage peripheral device DPD.
  • the first control messages are received after completion of the pairing process and / or the challenge-response authentication process.
  • the secured peripheral device SPD may provide, to the software application APP through the wireless communication link L3, a response message including descriptive data of the file system.
  • the secured peripheral device SPD receives, from the software application APP through the wireless communication link L3, one or more second control messages comprising reading instructions for instructing the self-powered peripheral device SPD to perform a copy of one or more selected data files from the external data storage peripheral device DPD to the self-powered peripheral device SPD.
  • the secured peripheral device SPD may send, to the software application APP through the wireless communication link L3, at least one feedback message on the completion of the requested copy. Further details and embodiments are described below by reference to FIGS. 7A-7C.
  • the secured peripheral device SPD remains as easy to use as any USB dongle which is a major asset for users who need to share information quickly and in all circumstances.
  • the control of operations by a smartphone is for example a common and user-friendly solution adapted to the daily use and private / professional practices of many users (e.g. banking management, smart objects management).
  • FIGS. 7A-7C represent a flowchart of a method according to an example of the present description. While the various steps in the flowchart are presented and described sequentially, the person skilled in the art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all of the steps may be executed in parallel.
  • the method steps may be implemented respectively by a secured peripheral device SPD (e.g. by one or more microcontrollers MC1, MC2 of the secured peripheral device SPD), an electronic control device ECD (e.g. by the software application APP of the electronic control device ECD) and a data storage peripheral device DPD according to any embodiment described herein.
  • the steps are performed under control of the software application APP that communicates by means of messages with the secured peripheral device SPD (e.g. with the microcontroller MC1) through the communication link L3.
  • FIGS. 7A-7C show a method for copying data stored on a data storage peripheral device DPD to a secured peripheral device SPD in accordance with one or more embodiments.
  • the multifunction communication interface USB2 is assumed here to be a USB interface.
  • the data storage peripheral device DPD is assumed to be connected to the second multifunction communication interface USB2 (e.g. female USB port) of the secured peripheral device SPD.
  • the method is intended to be performed when the secured peripheral device SPD is not connected to the electronic host device EHD and may be performed without using any electronic host device EHD.
  • the method for copying data is performed only if the pairing process and / or the challenge response authentication process were successfully completed (see FIGS. 3B and 3C).
  • the method for copying data is performed only if the communication between the electronic control device ECD and the secured peripheral device SPD through the communication link L3 is operatively active and secured by means of the encryption keys KC1, KC2 (see FIG. 3C).
  • In step 710, the secured peripheral device SPD detects the data storage peripheral device DPD and reads the file system of the data storage peripheral device DPD as master device.
  • the secured peripheral device SPD sends a message to the software application APP to inform the software application APP of the detection performed in step 710.
  • the software application APP informs the user U1 that a data storage peripheral device DPD is connected.
  • the software application APP is configured to provide a user interface to allow the user U1 to authorize access to the data storage peripheral device DPD. Once authorization has been received from the user U1, the file system of the data storage peripheral device DPD can be mounted.
  • In step 714, the software application APP sends a control message M714 to the secured peripheral device SPD.
  • the control message M714 comprises instructions for instructing the secured peripheral device SPD to access a file system of the external data storage electronic device DPD, e.g. to request the mounting of the file system of the data storage peripheral device DPD.
  • In step 715, upon receipt of the control message M714, the secured peripheral device SPD accesses the file system of the external data storage electronic device DPD.
  • the file system of the data storage peripheral device DPD is mounted by the secured peripheral device SPD.
  • In step 716, the software application APP sends a message to the secured peripheral device SPD to request the status of the mounting operation.
  • the secured peripheral device SPD sends a response message to indicate that the mounting is successful.
  • In step 718, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the file system (e.g. of its content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD.
  • the secured peripheral device SPD sends a response message including descriptive data of the file system (e.g. of the content, including descriptive data of one or more data files and / or file folders) of the data storage peripheral device DPD, e.g. the content of a current folder (e.g. the root folder) of the data storage peripheral device DPD.
  • In step 720, the software application APP provides a user interface showing the content of the data storage peripheral device DPD, e.g. a list of one or more data files and / or one or more data folders. Steps 730-736 may be executed after step 720: see FIG. 7B.
  • the software application APP is configured to allow the user U1 to navigate in the file system of the data storage peripheral device DPD, e.g. to change the current folder.
  • In step 731, the software application APP sends a message to the secured peripheral device SPD to request descriptive data of the content of the current folder.
  • the secured peripheral device SPD gets the descriptive data of the content of the current folder from the data storage peripheral device DPD using the mounted file system.
  • the secured peripheral device SPD sends a response message including the requested descriptive data.
  • In step 734, the software application APP displays a user interface showing the content of the current folder, e.g. a list of one or more data files stored in the current folder.
  • Steps 730-734 may be repeated.
  • In step 735, the software application APP displays a user interface to allow the user U1 to select one or more data files to be copied to the secured peripheral device SPD. One or more data files are selected.
  • In step 736, the software application APP stores in a memory an identification of the data files selected in step 735.
  • Steps 730-736 may be repeated to select other or further data files.
  • Steps 740-747 may be executed after step 736: see FIG. 7C.
  • In step 740, the software application APP displays a user interface to allow the user U1 to request the transfer of the selected data files to a destination folder of a destination data container of the secured peripheral device SPD.
  • the software application APP receives a user input to trigger the transfer.
  • only an opened data container may be selected as a destination data container.
  • the data container may be opened using for example the method steps 610- 612 described by reference to FIG. 6A.
  • Step 741 the software application APP displays a user interface to allow the user Ul to specify a destination data container of the secured peripheral device SPD.
  • Step 742 the software application APP receives user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD.
  • Step 743 the software application APP checks whether the selected data files already exist in the destination data container and / or destination folder, and in case of a positive answer the software application APP displays a user interface to allow the user U1 to decide whether to proceed or not.
  • the software application APP receives user input to cancel or confirm the copy of the selected data files and proceeds accordingly. In case of confirmation, step 744 is executed, otherwise steps 730-734 or 735-736 may be repeated.
  • Step 744 the software application APP sends to the secured peripheral device SPD a control message M744 to trigger the copy of the selected data files in the destination data container and / or destination folder.
  • the control message M744 comprises reading instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files from the external data storage electronic device DPD to a data container of the secured peripheral device SPD.
  • the control message M744 comprises the encryption key KP1, KP2, KP3 associated with the destination data container P1, P2, P3 in which the copied data have to be stored.
  • Step 745 the secured peripheral device SPD performs the requested copy of the selected data files and stores them in the destination data container and / or destination folder.
  • Step 746 the secured peripheral device SPD sends to the software application APP at least one feedback message on the completion of the requested copy, for example to confirm the completion of the copy.
  • Step 747 the software application APP may display an information message to inform the user of the completion of the copy. After the execution of step 747, steps 730-734 or 735-736 may be repeated.
  • the method described by reference to FIGS. 7A-7C may be transposed to the copy of one or more data files from a data container of the secured peripheral device SPD to the data storage electronic device DPD.
  • the first microcontroller MC1 may be programmed by means of firmware instructions to perform the described steps.
  • the first microcontroller MC1 may access a data container P1, P2, P3 of the secured peripheral device SPD and provide, to the software application APP through the wireless communication link L3, descriptive data of the content of the data container (see for example steps 620-621 described above).
  • the first microcontroller MC1 may then receive, from the software application APP through the wireless communication link L3, a control message comprising writing instructions for instructing the secured peripheral device SPD to perform a copy of one or more selected data files of the data container of the secured peripheral device SPD to the external data storage electronic device DPD, perform the requested copy to the external data storage electronic device DPD and provide, to the software application APP through the wireless communication link L3, feedback on the completion of the requested copy to the external data storage electronic device DPD (see for example steps 744-747 described above).
  • the software application APP may display a user interface to allow the user U1 to specify a source data container of the secured peripheral device SPD and receive user inputs specifying a destination data container and / or a destination folder of the secured peripheral device SPD.
  • Each described function, engine, block of the block diagrams and flowchart illustrations may be implemented in hardware, software, firmware, middleware, microcode, or any suitable combination thereof. If implemented in software, the functions, engines, blocks of the block diagrams and/or flowchart illustrations can be implemented by computer program instructions or software code, which may be stored or transmitted over a computer-readable medium, or loaded onto a general purpose computer, special purpose computer or other programmable data processing apparatus to produce a machine, such that the computer program instructions or software code which execute on the computer or other programmable data processing apparatus, create the means for implementing the functions described herein.
  • Embodiments of computer-readable media includes, but are not limited to, both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • software instructions or computer readable program code to perform embodiments described herein may be stored, temporarily or permanently, in whole or in part, on a non-transitory computer readable medium of a local or remote storage device including one or more storage media.
  • a computer storage medium may be any physical media that can be read, written or more generally accessed by a computer.
  • Examples of computer storage media include, but are not limited to, a flash drive or other flash memory devices (e.g. memory keys, memory sticks, key drive), CD-ROM or other optical storage, DVD, magnetic disk storage or other magnetic storage devices, solid state memory, memory chip, RAM, ROM, EEPROM, smart cards, a relational database management system (RDBMS), a traditional database, or any other suitable medium that can be used to carry or store program code in the form of instructions or data structures which can be read by a computer processor.
  • various forms of computer-readable medium may be used to transmit or carry instructions to a computer, including a router, gateway, server, or other transmission device, wired (coaxial cable, fiber, twisted pair, DSL cable) or wireless (infrared, radio, cellular, microwave).
  • the instructions may include code from any computer-programming language, including, but not limited to, assembly, C, C++, Basic, SQL, MySQL, HTML, PHP, Python, Java, Javascript, etc.
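The APP / SPD exchange of steps 731-747 (listing a DPD folder, the existence check of step 743, the control message M744 carrying the container key, the feedback message of step 746), together with the container listing provided by MC1 in the reverse direction, modelled as a message handler. This is an added illustration and not the patent's or Vandelay's code: the message names, the dict-based file systems, the sample files and the XOR "encryption" stand-in are all constructed assumptions.

```python
import hashlib, hmac

class SecuredPeripheralDevice:
    def __init__(self, dpd_fs, containers):
        self.dpd_fs, self.containers = dpd_fs, containers   # mounted DPD fs; data containers P1, P2

    def handle(self, msg):
        if msg["type"] == "LIST_DPD":                       # steps 731-733: descriptive data of a DPD folder
            return {"type": "LIST_DPD_RESP", "files": sorted(self.dpd_fs.get(msg["folder"], {}))}
        if msg["type"] == "LIST_CONTAINER":                 # descriptive data of a container (MC1, reverse direction)
            c = self.containers[msg["container"]]
            return {"type": "LIST_CONTAINER_RESP", "files": sorted(c["files"]) if c["opened"] else None}
        if msg["type"] == "M744":                           # step 744: control message with reading instructions
            return self._copy(msg)
        return {"type": "ERROR", "reason": "unknown message"}

    def _copy(self, msg):
        c = self.containers.get(msg["container"])
        if c is None or not c["opened"]:                    # only an opened container may be a destination
            return {"type": "FEEDBACK", "ok": False, "reason": "container not opened"}
        if not hmac.compare_digest(msg["key"], c["key"]):   # key KPx carried in M744 must match the container
            return {"type": "FEEDBACK", "ok": False, "reason": "key mismatch"}
        for name in msg["files"]:                           # step 745: copy and store in the container
            c["files"][name] = self._seal(c["key"], name, self.dpd_fs[msg["folder"]][name])
        return {"type": "FEEDBACK", "ok": True, "copied": list(msg["files"])}  # step 746

    @staticmethod
    def _seal(key, name, data):
        # Constructed stand-in for the container encryption (the patent fixes no scheme):
        # XOR with an HMAC-SHA256 keystream, only to show that the container key is applied.
        blocks = (hmac.new(key, f"{name}:{i}".encode(), hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def app_copy_flow(spd, folder, selected, container, key):
    """APP side of steps 731-747: list the folder, check the destination (step 743), send M744."""
    on_dpd = spd.handle({"type": "LIST_DPD", "folder": folder})["files"]
    existing = spd.handle({"type": "LIST_CONTAINER", "container": container})["files"] or []
    feedback = spd.handle({"type": "M744", "folder": folder, "files": [f for f in selected if f in on_dpd],
                           "container": container, "key": key})
    feedback["already_present"] = [f for f in selected if f in existing]  # step 743: user would confirm
    return feedback

def make_demo_spd():
    # Constructed sample state: one DPD folder and two containers with their keys KP1, KP2.
    dpd_fs = {"/photos": {"a.jpg": b"constructed image bytes", "b.jpg": b"more constructed bytes"}}
    containers = {"P1": {"key": b"\x11" * 32, "opened": True, "files": {}},    # opened via steps 610-612
                  "P2": {"key": b"\x22" * 32, "opened": False, "files": {}}}   # still closed
    return SecuredPeripheralDevice(dpd_fs, containers)
```

The SPD side refuses M744 for a closed container or a key that does not match, which is the check a real firmware would need so that a control message cannot write into a container the user has not opened.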

Abstract

The invention relates to a secured peripheral device (SPD) comprising: one or more communication interfaces configured to be connected to an external electronic device (DPD, EHD); a communication interface configured to communicate, via a bidirectional wireless communication link (L3), with a software application executed by an electronic control device (ECD) and to implement a pairing process between the secured peripheral device (SPD) and the electronic control device (ECD), the software application being configured to communicate with a remote authentication server (RAS); and a first microcontroller programmed by means of firmware instructions to: implement, via the wireless communication link and the software application, a challenge-response authentication process with the remote authentication server; and receive, from the software application, control messages comprising instructions for instructing said secured peripheral device to perform an operation via said one or more communication interfaces, said control messages being received only in case of success of the challenge-response authentication process.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2017/001788 WO2019130042A1 (fr) 2017-12-29 2017-12-29 Integrity control of a secured peripheral device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2017/001788 WO2019130042A1 (fr) 2017-12-29 2017-12-29 Integrity control of a secured peripheral device

Publications (1)

Publication Number Publication Date
WO2019130042A1 true WO2019130042A1 (fr) 2019-07-04

Family

ID=63143280

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2017/001788 WO2019130042A1 (fr) 2017-12-29 2017-12-29 Integrity control of a secured peripheral device

Country Status (1)

Country Link
WO (1) WO2019130042A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130167254A1 (en) * 2011-12-22 2013-06-27 Joel Gyllenskog Universal Serial Bus Shield
EP2659419A1 (fr) 2010-12-27 2013-11-06 Electricité de France Method and device for controlling access to a computer system
US20170017810A1 (en) 2007-09-27 2017-01-19 Clevx, Llc Data security system with encryption
WO2017120011A1 (fr) * 2016-01-10 2017-07-13 Apple Inc. Secure device pairing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NISSIM NIR ET AL: "USB-based attacks", COMPUTERS & SECURITY, ELSEVIER SCIENCE PUBLISHERS. AMSTERDAM, NL, vol. 70, 10 August 2017 (2017-08-10), pages 675 - 688, XP085176497, ISSN: 0167-4048, DOI: 10.1016/J.COSE.2017.08.002 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112287356A (zh) * 2020-11-11 2021-01-29 西安四叶草信息技术有限公司 A computer system security evaluation method and system
CN112287356B (zh) * 2020-11-11 2023-12-22 西安四叶草信息技术有限公司 A computer system security evaluation method and system
EP3955516A3 (fr) * 2021-03-31 2022-03-09 CyberArk Software Ltd. Identity-based security layer for peripheral computing devices
US11743032B2 (en) 2021-03-31 2023-08-29 Cyberark Software Ltd. Identity-based security layer for peripheral computing devices
CN116137574A (zh) * 2021-11-18 2023-05-19 北京小米移动软件有限公司 Peripheral authentication method, apparatus, electronic device and storage medium
CN116137574B (zh) * 2021-11-18 2024-04-09 北京小米移动软件有限公司 Peripheral authentication method, apparatus, electronic device and storage medium

Similar Documents

Publication Publication Date Title
EP3050335B1 (fr) Systems and methods for NFC access control in a secure element centric NFC architecture
CN105376216B (zh) A remote access method, proxy server and client
US8832783B2 (en) System and method for performing secure communications
JP5852265B2 (ja) Computing device, computer program and access permission determination method
WO2019130042A1 (fr) Integrity control of a secured peripheral device
US8869273B2 (en) Apparatus and method for enhancing security of data on a host computing device and a peripheral device
US7861015B2 (en) USB apparatus and control method therein
TW202232353A (zh) Secure storage pass-through device
CN108229220B (zh) System and method for trusted presentation of information on untrusted user devices
CN116760566B (zh) Data transmission method, system, first end, intermediate network device and control device
JP2016186782A (ja) Data processing method and data processing apparatus
KR101534566B1 (ko) Cloud virtual desktop security control apparatus and method
WO2022126644A1 (fr) Model protection device, method, and computing device
CN104680055A (zh) A control method for managing a USB flash drive after it is connected to an industrial control system network
CN104821878A (zh) Portable security device, method and computer program product for ensuring the security of data exchange
JP5799399B1 (ja) Virtual communication system
CN104834874A (zh) Establishing physical locality between secure execution environments
CN103605934B (zh) An executable file protection method and apparatus
KR20230098156A (ko) Encrypted file control
US11082222B2 (en) Secure data management
WO2019130041A1 (fr) Method for controlling access to a data storage peripheral device
US10140431B2 (en) File management system and user terminal in file management system
KR102081875B1 (ko) Method for secure interaction between a user, a mobile terminal and a further instance
CN115906196A (zh) A mobile storage method, apparatus, device and storage medium
CN116018580B (zh) Techniques for persisting instance data across cloud shells

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 17896320; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 17896320; Country of ref document: EP; Kind code of ref document: A1)