US 20140019652A1
(19) United States
(12) Patent Application Publication    (10) Pub. No.: US 2014/0019652 A1
SOFFER                                 (43) Pub. Date: Jan. 16, 2014
(54) SECURE KM SWITCH
(75) Inventor: Aviv SOFFER, Caesarea (IL)
(73) Assignee: HIGH SEC LABS LTD., Yokneam (IL)
(21) Appl. No.: 13/979,975
(22) PCT Filed: Jan. 15, 2012
(86) PCT No.: PCT/IL2012/050012
§ 371 (c)(1), (2), (4) Date: Oct. 4, 2013
Related U.S. Application Data
(60) Provisional application No. 61/433,322, filed on Jan. …
Publication Classification
(51) Int. Cl. G06F 3/02 (2006.01)
(52) U.S. Cl. CPC G06F 3/02 (2013.01); USPC 710/73
(57) ABSTRACT
A system enabling a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. The system enables one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to the multiple physical user displays of the particular installation. The system may be used to enable a computer user having multiple isolated computers, each with one or more coupled displays, to automatically switch a single set of keyboard, mouse and other peripheral devices between the different computers. As isolated computers may have different security levels, the method and apparatus of the present invention prevents any potential data leakage between computers and coupled networks.
[Drawings: Sheets 1 to 16 of 16, each headed "Patent Application Publication, Jan. 16, 2014, US 2014/0019652 A1". The figure content is not recoverable from the extracted text.]
SECURE KM SWITCH

FIELD OF THE INVENTION

[0001] The present invention relates to a system that enables a computer user to securely share a single set of keyboard and mouse (KM) among multiple isolated computers. More particularly, the invention discloses a method, apparatus and system to enable one set of peripheral devices to independently interact with multiple coupled isolated computers through mouse position analysis on a virtual display area corresponding to the multiple physical user displays of the particular installation.

BACKGROUND OF THE INVENTION

[0002] There are many cases where a single user may need to access multiple isolated computing systems. For security reasons it may be critical that isolated computing systems are not connected together, to prevent potential data leakages and to block certain security attacks. Any peripheral device shared between two or more isolated networks may be a target for external or internal attackers. A common attack strategy is to cause a permanent or temporary data leakage path between the two coupled networks to enable data theft, unauthorized data modification or unauthorized data import. To allow a single user to operate multiple computers coupled to multiple isolated networks, a KVM (Keyboard Video Mouse) switch may be used. A KVM switch connected to one set of user keyboard, mouse and display on one side and to multiple computers on the other side provides the user with the ability to interact with one specific computer at a time.

[0003] One specific scenario of concern is leakage between a classified computer system or network and a non-classified network such as a network attached to the internet. Such leakage may serve as an agent inside the classified network to send classified data to unknown hostile organizations in any location in the world.

[0004] Over the past years there were several common solutions for a single user operating multiple isolated computers:

[0005] 1. Using multiple displays and multiple sets of user peripheral devices.

[0006] Some organizations enforce isolation by placing two or more isolated sets of user peripheral devices on the user's desktop. Isolation is assured as there is no electrical contact between the multiple computers. The major disadvantage of this solution is its inherently reduced usability. Users find it hard to divert their attention between multiple systems. This solution also takes additional valuable user desktop space. If more than two isolated computers are needed for a user, these usability and desktop space disadvantages tend to get worse.

[0007] 2. Using a KVM switch or Secure KVM to enable user interaction with multiple isolated computers through one set of peripherals. This solution reduces the desktop space needed and provides better usability. As conventional KVMs may leak data between coupled isolated computers, in many cases a Secure KVM is used. This type of KVM provides higher assurance that coupled computers would not leak data to one another. While this solution provides better usability, it is not suitable for users that need to see multiple displays simultaneously. Users such as traders need to see various data from multiple sources presented at all times on multiple displays. Although some secure KVMs supporting multiple displays are available today, this solution tends to be less flexible and relatively expensive.

[0008] 3. Using a KM (Keyboard Mouse) switch to enable user interaction with multiple isolated computers through multiple isolated displays and one set of keyboard and mouse. A keyboard and mouse shared through a software or hardware KM provides access to multiple computers by means of manual switching or even a continuous virtual display. Unlike a KVM, the KM switches only the keyboard and mouse, while the display outputs are not passed or switched through the KM.

What is needed is a secure KM switch that enables secure isolation between the coupled computers. Such a device will enable seamless user interaction with the isolated computers while viewing multiple displays. The needed secure KM switch will require minimal software and hardware installation in the coupled computers.

[0009] Information on some commercially available systems may be found in:

[0010] 1. Adder TS4 Four-port keyboard and mouse switch User's Manual (http://www.adder.com/uk/products/Manuals/TS4/ADDER_TS4_vlilcpdf)

[0011] 2. Adder CCS4USB Four-port keyboard and mouse switch User's Manual (http://www.adder.com/UK/products/Manuals/CCS4-USB/AdderCCS4USBv2-0d.pdf)

[0012] 3. Actionstar USB KM switch specifications (http://www.actionstar.com.tw/products_details.php?l=0&pro_id=81)

[0013] 4. Waterfall Remote Screen View, from Waterfall™ Security Solutions Ltd. (http://www.waterfallsecurity.com/remote-screen-view/)

[0014] 5. Multiplicity from Stardock Corporation (http://www.stardock.com/products/multiplicity/)

OTHER REFERENCED PATENTS AND APPLICATIONS

[0015] 1. United States Patent Application 2002/0105553; to Marc Segre; "Automated Keyboard Mouse Switch".

[0016] 2. United States Patent Application 2010/0185797; to Hsi-Jung Tsai et al.; "Keyboard-Mouse Switch and Switching Method Thereof".

[0017] 3. U.S. Pat. No. 5,825,357; to Mark Malamud; "Continuously accessible computer system interface".

SUMMARY OF THE INVENTION

[0018] The present invention relates to a Secure KM (Keyboard Mouse) switch to be used with multiple isolated computers and multiple displays.

[0019] More particularly, the invention presents a secure KM switch having unidirectionally enforced data flow from the user peripherals to the coupled hosts, to prevent data leakages and successful signaling attacks. A Secure KM switch having the security functions disclosed herein may be used to enable a single user having a single set of user keyboard and mouse to comfortably interact with a plurality of isolated computing devices such as personal computer desktops, thin-clients, laptop computers, tablet computers, PDAs, cellular phones etc.

[0020] According to an exemplary embodiment of the current invention, a secure KM switch is provided, comprising:
[0021] A keyboard peripheral port to connect a standard user keyboard through a bi-directional serial interface such as USB or PS/2. Inside the Secure KM Switch the peripheral port is coupled to a keyboard host emulator function connected through the keyboard channel select switch to unidirectional flow forcing functions at the other side. The keyboard host emulator communicates with the user keyboard through a standard bidirectional peripheral protocol such as USB or PS/2 and translates user key-codes into a standard or proprietary unidirectional serial protocol. This standard or proprietary serial protocol is then passed through a unidirectional flow forcing function to assure that data will only flow from the keyboard host emulator function to the keyboard device emulator of the selected channel. A keyboard channel select switch controlled by the System Controller function switches the said standard or proprietary unidirectional serial protocol data only to one host channel at a time. In each host channel, the keyboard device emulator function translates the incoming data back into a standard bi-directional keyboard data flow. A serial jack at the Secure KM switch panel couples this bi-directional data into the selected host port via a connecting cable. This keyboard peripheral security function assures that data cannot flow back into the keyboard port and also assures that only a qualified keyboard will be enumerated and supported by the Secure KM switch device.

[0022] A mouse peripheral port to connect a standard user mouse or pointing device through a bi-directional serial interface such as USB or PS/2. Inside the Secure KM Switch the mouse peripheral port is coupled to a mouse host emulator function connected through the mouse channel select switch to unidirectional flow forcing functions at the other side. The mouse host emulator communicates with the user mouse through a standard bidirectional peripheral protocol such as USB or PS/2 and translates user mouse commands into a standard or proprietary unidirectional serial protocol. This standard or proprietary serial protocol is then passed through a unidirectional flow forcing function to assure that data will only flow from the mouse host emulator function to the mouse device emulator of the selected channel. A mouse channel select switch controlled by the System Controller function switches the said standard or proprietary unidirectional serial protocol data only to one host channel at a time. In each host channel the mouse device emulator function translates the incoming data back into a standard bi-directional mouse data flow. A host mouse jack at the Secure KM switch panel couples this bi-directional data into the selected host serial port via a connecting cable. This mouse peripheral security function assures that data cannot flow back into the mouse port and also assures that only a qualified mouse will be enumerated and supported by the Secure KM Switch device.

[0023] An approved user authentication device may be coupled into the Secure KM Switch user authentication device dedicated port, which is coupled to the user authentication device mode switch. During initial connection or power up, this switch couples the user authentication device dedicated port into the qualification microcontroller function. This qualification microcontroller function enumerates the coupled user authentication device and checks if it is a qualified device based on preprogrammed qualification criteria. The same qualification microcontroller function drives the said user authentication device mode switch. Once the device is qualified, the qualification microcontroller moves the user authentication device mode switch to couple the connected device to one of the host ports through a channel select switch controlled by the System Controller function. Each one of the …

[0024] One enhancement of this security function is through the use of a monitoring function that monitors the peripheral port and the traffic after initial qualification to detect certain abnormalities. Once an abnormality is detected, the monitoring function drives the qualification microcontroller to revert back to qualification mode.

[0025] In some embodiments the additional circuitry comprises a monitor-able USB hub, and wherein said peripheral switch is coupled to one peripheral port through the monitor-able USB hub.

[0026] Another further enhancement of this security function is achieved through an additional physical/electrical port monitoring function. This function detects physical connector removal, current draw to the device or ground plane continuity, to alert the qualification microcontroller in case the device was disconnected from the port.

[0027] An alternative embodiment of the present invention may be implemented using a dedicated user authentication peripheral port coupled to a user authentication port host emulator. This host emulator is coupled through a standard or proprietary bidirectional communication link to a user authentication device emulator that is coupled into the channel select switch and the coupled computers' peripheral port. This arrangement prevents direct read-write access between the computer port and the device and therefore reduces the risk of data leakages through attacks on the user authentication system.

[0028] In some embodiments the qualification controller, host emulator and device emulator are field programmable to enable field customization to specific peripherals.

[0029] In some embodiments of the present invention a Trusted Platform Module (TPM) may be added to the Secure KM Switch to further enhance computer security. The TPM may be coupled to the above mentioned peripheral security functions to enable reporting and logging of suspected peripheral port attack events. It should be noted that peripheral attack events may be aimed at the computer ports side (internal attacks) or at the secure port side (external attacks).

[0030] TPM or anti-tampering events and logs may be routed to a coupled host or through a dedicated out-of-band management channel. A trust chain from one or more of the coupled trusted computers may be extended to the secure KM switch using TPM authentication.

[0031] In some embodiments of the present invention the Secure KM Switch further has audio switching circuitry to enable computer audio out or audio in channel switching synchronously or asynchronously with the channel selection.

[0032] Another aspect of the invention is to provide a secured multi-computer system using a KM switch comprising: a secure KM switch apparatus comprising: a user keyboard port capable of interfacing with a user keyboard; a keyboard host emulator to emulate a computer host, coupled to the user keyboard port on one side and to the keyboard channel select switch on the other side; at least one unidirectional flow forcing circuitry to assure that data is only flowing from the keyboard channel select switch to the coupled keyboard device emulators and no other data may flow from the keyboard device emulators back to the keyboard channel select switch and to the coupled keyboard host emulator; a keyboard channel select switch controlled by the System Controller function to connect only one selected channel keyboard device emulator to the
said unidirectional flow forcing circuitry at a time; a plurality of keyboard device emulators to emulate a standard keyboard or the replicated identity of the user keyboard for each one of the coupled computer channels through host keyboard ports; a plurality of host keyboard ports for coupling the coupled computers through cables; a user mouse port to connect a standard user mouse or pointing device; a mouse host emulator to emulate a computer host, coupled to the user mouse port on one side and to the mouse channel select switch on the other side; at least one unidirectional flow forcing circuitry to assure that data is only flowing from said mouse channel select switch to the coupled mouse device emulators and no other data may flow from the mouse device emulators back to the mouse channel select switch and to the coupled mouse host emulator; a mouse channel select switch controlled by the System Controller function to connect only one selected channel mouse device emulator at a time to the said unidirectional flow forcing circuitry; a plurality of mouse device emulators to emulate a standard mouse device for each one of the coupled computer channels through host mouse ports; a plurality of host mouse ports for coupling the coupled computers through cables; and a System Controller function to control said keyboard channel select switch and mouse channel select switch based on user inputs;

[0033] and at least a first and a second mutually isolated computer systems, each comprising: a computer having: a computer keyboard port coupled through said cables to said respective host keyboard port; a computer mouse port coupled through said cables to said respective host mouse port; and a display coupled to said computer,

[0034] wherein: only one of said first and second computer systems is controlled by said user keyboard and user mouse at a time, and no information may be exchanged between said first and second mutually isolated computer systems through said secure KM switch apparatus.

[0035] In some embodiments the first and second computer systems are connected to a first and a second different networks, and no information may be exchanged between said first and second networks through said secure KM switch apparatus.

[0036] Yet another aspect of the invention is to provide a method of securely coupling a plurality of computer systems to a single keyboard and a single mouse comprising: connecting a single user mouse to a host emulator capable of extracting mouse commands from said user mouse; selecting one of a plurality of isolated computer systems to receive said extracted mouse commands; passing said extracted mouse commands to said selected isolated computer system through a unidirectional flow forcing circuitry and a device emulator.

[0037] In some embodiments the method further comprises connecting a single user keyboard to a host emulator capable of extracting keyboard commands from said user keyboard; and passing said extracted keyboard commands to said selected isolated computer system through a unidirectional flow forcing circuitry and a device emulator.

[0038] In some embodiments passing the extracted keyboard commands to the selected isolated computer system is through a keyboard device emulator; and passing the extracted mouse commands to the selected isolated computer system is through a mouse device emulator.

[0039] Unlike the prior-art KVMs or Secure KVMs, this KM does not affect the video output of the coupled computers. Each one of the computers or video sources coupled to the Secure KM Switch system is independently coupled to a single or multiple isolated displays.

[0040] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of the present invention, suitable methods and materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and not intended to be limiting.

BRIEF DESCRIPTION OF THE DRAWINGS

[0041] Some embodiments of the invention are herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in the cause of providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice.

[0042] In the drawings:

[0043] FIG. 1 illustrates a high-level block-diagram of a prior-art multiple isolated computers system having multiple independent displays and independent keyboards and mice.

[0044] FIG. 2 illustrates another high-level block-diagram of a prior-art multiple isolated computers system having a conventional KVM to enable use of a single set of user keyboard, mouse and display.

[0045] FIG. 3 illustrates yet another high-level block-diagram of a prior art multiple computers system having serial interconnect cables and local software applications to synchronize a single set of user keyboard and mouse with multiple connected computers.

[0046] FIG. 4 illustrates a high-level block-diagram of yet another prior art multiple computers system having a common LAN (Local Area Network) interconnect and local software applications to synchronize a single set of user keyboard and mouse with multiple connected computers.

[0047] FIG. 5 illustrates another high-level block-diagram of a prior art multiple computers system having multiple independent displays and a non-secure KM switch. In this system the computers are linked together with serial interconnect cables to enable synchronized user interaction with multiple connected computers through a single set of user keyboard and mouse.

[0048] FIG. 6 illustrates another high-level block-diagram of a prior art multiple computers system having multiple independent displays and a non-secure KM switch. In this system the computers are not linked together with serial interconnect cables. Mouse host emulation enables user pointer location tracking by the KM switch.

[0049] FIG. 7 illustrates a high-level block-diagram of a system having multiple displays coupled directly to the multiple computers and having a secure KM switch to enable user
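The following Python model, added here and not part of the patent or of any High Sec Labs product, exercises the behaviour described in the summary and in [0021] to [0024] and [0048]: a mouse is forwarded only after it passes qualification, pointer motion is tracked over a virtual display area so that the display under the pointer selects the host channel, each frame passes a flow-forcing element that has no reverse path, and a detected abnormality drops the switch back to qualification mode. The display layout, the whitelist of vendor/product ids and all class names are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Display:
    """One physical display and the host channel whose video it shows."""
    channel: int
    x0: int
    y0: int
    width: int
    height: int

    def contains(self, x: int, y: int) -> bool:
        return (self.x0 <= x < self.x0 + self.width
                and self.y0 <= y < self.y0 + self.height)


class DeviceEmulator:
    """Presents a standard mouse to one coupled computer; records what it forwards."""
    def __init__(self, channel: int):
        self.channel = channel
        self.forwarded = []

    def deliver(self, frame):
        self.forwarded.append(frame)


class FlowForcer:
    """Unidirectional flow forcing: push() is the only operation, and nothing
    carries data back from the device emulator toward the host emulator."""
    def __init__(self, emulator: DeviceEmulator):
        self._emulator = emulator

    def push(self, frame):
        self._emulator.deliver(frame)


class SecureKM:
    # Constructed whitelist of (vendor id, product id) pairs; placeholder values.
    QUALIFIED_MICE = {(0x1234, 0x0001), (0x1234, 0x0002)}

    def __init__(self, displays):
        self.displays = list(displays)
        self.emulators = {d.channel: DeviceEmulator(d.channel) for d in self.displays}
        self.links = {c: FlowForcer(e) for c, e in self.emulators.items()}
        # Virtual pointer starts at the origin of the first display's area.
        self.x, self.y = self.displays[0].x0, self.displays[0].y0
        self.selected = self.displays[0].channel
        self.qualified = False  # qualification mode until a whitelisted mouse enumerates

    def enumerate_mouse(self, vid: int, pid: int) -> bool:
        """Qualification step: only a whitelisted device is accepted."""
        self.qualified = (vid, pid) in self.QUALIFIED_MICE
        return self.qualified

    def abnormality_detected(self):
        """Monitoring function: an abnormality reverts the switch to qualification mode."""
        self.qualified = False

    def move(self, dx: int, dy: int):
        """Relative motion from the mouse host emulator. Returns the channel that
        received the frame, or None while the mouse is not (or no longer) qualified."""
        if not self.qualified:
            return None
        x, y = self.x + dx, self.y + dy
        target = next((d for d in self.displays if d.contains(x, y)), None)
        if target is None:
            # Leaving every display: clamp inside the currently selected one.
            target = next(d for d in self.displays if d.channel == self.selected)
            x = min(max(x, target.x0), target.x0 + target.width - 1)
            y = min(max(y, target.y0), target.y0 + target.height - 1)
        frame = (x - self.x, y - self.y)  # motion actually applied
        self.x, self.y = x, y
        self.selected = target.channel
        # Channel select switch: the frame reaches only the selected channel.
        self.links[self.selected].push(frame)
        return self.selected
```

Two side-by-side 1920x1080 displays on channels 1 and 2 are enough to see the switch-over: motion that carries the pointer past x=1920 is delivered to channel 2 and nothing is ever delivered to channel 1 at the same time.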