Abstract: A security module and method implements data requests from a USB or other similar device, in which a secure component can communicate securely with a device without modifying the underlying USB bus protocol, or the device, even where the software controlling the bus is untrusted. A security module (physically separate or integrated into a device or hub) intercepts data being sent from device to secure component in response to a data request. A “not acknowledged” signal is sent to the secure component, and the data is encrypted. The next data request is intercepted, and the encrypted data sent in response. The acknowledgement from the secure component to the device is allowed to reach the device. In order to handle a setup request, an allow command is sent to the security module, which includes the encrypted and unencrypted setup command. If an encryption check is successful, a setup command sent to the device (via the security module) is allowed to reach the device.

Abstract: A security module and method implements data requests from a USB or other similar device, in which a secure component can communicate securely with a device without modifying the underlying USB bus protocol, or the device, even where the software controlling the bus is untrusted. A security module (physically separate or integrated into a device or hub) intercepts data being sent from device to secure component in response to a data request. A “not acknowledged” signal is sent to the secure component, and the data is encrypted. The next data request is intercepted, and the encrypted data sent in response. The acknowledgement from the secure component to the device is allowed to reach the device. In order to handle a setup request, an allow command is sent to the security module, which includes the encrypted and unencrypted setup command. If an encryption check is successful, a setup command sent to the device (via the security module) is allowed to reach the device.