Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: One or more universal serial bus (USB) devices are connected at a client computer. The USB devices are recognized by the client computer and a determination is made as to whether an application server computer provides functionality for one or more of the USB devices. A specific communication path is provided from the USB device to the server computer if functionality is provided by the application server computer.

Abstract: One or more universal serial bus (USB) devices are connected at a client computer. The USB devices are recognized by the client computer and a determination is made as to whether an application server computer provides functionality for one or more of the USB devices. A specific communication path is provided from the USB device to the server computer if functionality is provided by the application server computer.

Abstract: One or more universal serial bus (USB) devices are connected at a client computer. The USB devices are recognized by the client computer and a determination is made as to whether an application server computer provides functionality for one or more of the USB devices. A specific communication path is provided from the USB device to the server computer if functionality is provided by the application server computer.

Abstract: Systems and methods for enabling trusted software to monitor and control USB traffic associated with a security extension of a host controller and devices in a USB topology is disclosed. A host controller proxy receives USB-related data from a host controller driver, determines whether the data is of a security interest, and if so, sends the data to a driver for a security extension executing in the trusted execution environment. Likewise, after software executing in the trusted execution environment evaluates and appropriately addresses data sent by the HCD proxy or data retrieved from a hardware security extension, the HCD proxy receives data from the trusted execution environment for further dissemination.

Abstract: Automatic protocol migration when upgrading operating systems includes checking, after upgrading at least a portion of an operating system of a host device, whether a new driver supporting enhanced functionality for a portable device is now available, where a driver supporting base functionality would have been previously used for communicating with the portable device. If such a new driver supporting enhanced functionality for the portable device is now available, then the host device installs the new driver supporting enhanced functionality for the portable device.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: In accordance with certain aspects of the automatic protocol determination for portable devices supporting multiple protocols, a portable device detects which one of the multiple protocols is being used by the host device for subsequent communication with the portable device. This detection is based on the content of a command received from a host device. The detected protocol is then used by the portable device for subsequent communication with the host device. The host device may also send, to the portable device, a notification of which of the multiple protocols is being used by the host device.

Abstract: Safe mode operation for portable devices supporting multiple protocols includes a portable device that supports multiple protocols, such as a base functionality protocol and an enhanced functionality protocol, reporting to a host device that the portable device supports only a single protocol (e.g., the base functionality protocol). This single protocol will be used for subsequent communication between the host device and the portable device. This reporting to the host device that the portable device supports only a single protocol can be triggered, for example, by an appropriate button(s) on the portable device being pressed when the portable device is powered on.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: A client driver requests data packet transfers from a peripheral device through a protocol stack and a host controller. The protocol stack receives the data transfer request and allocates the request into the host controller schedule. The host controller schedule requests the data of the peripheral device, and directs the received data into previously allocated buffers. The host controller then sends a signal to the client driver that the respective buffers are filled. The host controller can then deactivate the instructions in the host controller schedule until further notice so that the instructions do not need to be deleted from the schedule. The client driver extracts the data from the buffer, and sends a signal to the host controller that the buffer can be used again. The request in the host controller schedule can then be reactivated without having to necessarily re-insert new instructions into the host controller schedule.

Abstract: Systems and methods for specifying extended configuration descriptor information in a Universal Serial Bus (USB) device are described. In one aspect, an extended configuration descriptor is provided in firmware of a USB device. The extended configuration descriptor includes a set of non-standard class codes. Responsive to receiving a host-specific device request, the USB device communicates the extended configuration descriptor to a requestor.

Abstract: A method for rebalancing bandwidth allocations to peripheral and other devices, particularly for isochronous communications, connected to a computer system via a bus in order to accommodate bandwidth requirements of a newly added device or newly launched application is described. The method is particularly useful in the context of buses such as the Universal Serial Bus (USB) and the IEEE 1394 bus (FireWire) which allow a plurality of devices to be connected to a computer system and even be powered by the bus. The method utilizes a Policy to identify preferred configurations and, furthermore, extends the USB and other standards to specify devices that can dynamically respond to commands to change their bandwidth to another setting.

Abstract: The following system and procedure for specifying an extended configuration descriptor includes a USB device that responds to device requests from a host. In response to receiving a host-specific device request that specifies a predetermined index, the USB device returns an extended configuration descriptor to the requester. The extended configuration descriptor includes information that can be used by the requestor to control the USB device. When the USB device is a composite device, the extended configuration descriptor includes function information corresponding to a plurality of sub-devices. Each function comprises one or more interfaces.

Abstract: The invention described in the instant application provides for a failure-recovery module, which permits automatic investigation of possible reasons for the failure and takes corrective action in a manner transparent to the user. The failure-recovery module, which is a software module, is useful in evaluating a device connected to a master-slave bus to determine whether it has failed. In the event the device is still connected to the master-slave bus but is non-responsive, the failure-recovery module resets the device, e.g., by turning off the power to the affected device and rebooting the device with a cold start. The failure-recovery module diagnoses the failure of a device by determining if the device is still connected to the master-slave bus. Then, the failure-recovery module sets a flag to mark the device as having failed while disabling access to devices downstream of the failed device.

Abstract: The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected.

Abstract: A USB device is configured to support a non-USB-defined device request that is specific to an application program or operating system. The device request is supported by using a device-specific or vendor-specific request code, which is allowed to vary from device to device. To determine the proper request code, the host performs a GET_DESCRIPTOR device request, specifying a predetermined string descriptor. The requested string descriptor designates the request code to be used in the non-USB-defined device request.

Abstract: The following system and procedure for specifying an extended configuration descriptor includes a USB device that responds to device requests from a host. In response to receiving a host-specific device request that specifies a predetermined index, the USB device returns an extended configuration descriptor to the requester. The extended configuration descriptor includes information that can be used by the requestor to control the USB device. When the USB device is a composite device, the extended configuration descriptor includes function information corresponding to a plurality of sub-devices. Each function comprises one or more interfaces.