US-12619794-B2 - Security method and device
Abstract
A security method for a computer, comprising: providing a security device having a communication connection to the computer and a separate communication connection to an external device; and, at the security device: receiving a message having the computer as the intended destination from the external device; verifying the message; and if the message is verified as legitimate, sending a corresponding message to the computer; or if the message is not verified as legitimate, not sending a corresponding message to the computer.
Inventors
- Simon VINCENT
Assignees
- RAYTHEON SYSTEMS LIMITED
Dates
- Publication Date: 20260505
- Application Date: 20240124
- Priority Date: 20230125
Claims (18)
- 1. A security method for a computer, the method comprising: providing a security device connected to a communication port of the computer and having a separate communication connection to an external device to enable communication over a bidirectional link between the computer and the external device and communication over a unidirectional link from the computer to the external device; and at the security device: receiving a first message via the bidirectional link having the computer as a first intended destination from the external device; verifying the first message; and one of: if the first message is verified as legitimate, sending a first corresponding message to the computer; or if the first message is not verified as legitimate, not sending the first corresponding message to the computer; and in response to receiving a second message via the unidirectional link from the computer to the external device, forwarding the second message to the external device without analysis; wherein the first corresponding message is modified when sent over the bidirectional link to cause the external device to appear, to the computer, to be an external device having different apparent parameters corresponding to functionality of the external device than actual parameters corresponding to functionality of the external device in a manner limiting exposure of one or more device drivers among a plurality of device drivers of the computer to the external device.
- 2. The method of claim 1, wherein verifying the first message comprises comparing the first message to possible messages that the external device may send to the computer.
- 3. The method of claim 1, further comprising, at the security device: receiving a third message having the external device as a second intended destination from the computer; and sending a second corresponding message to the external device; wherein verifying the first message comprises confirming that the third message having the external device as the second intended destination was received from the computer so that the first message having the computer as the first intended destination received from the external device may be a response to the third message having the external device as the second intended destination received from the computer.
- 4. The method of claim 1, further comprising, at the security device: receiving a third message having the external device as a second intended destination from the computer; verifying the third message; and one of: if the third message is verified as legitimate, sending a second corresponding message to the external device; or if the third message is not verified as legitimate, not sending the second corresponding message to the external device.
- 5. The method of claim 4, wherein verifying the third message comprises comparing the third message to possible messages that the computer may send to the external device.
- 6. The method of claim 1, wherein content for the second message forwarded to the external device is identical to content received for the second message.
- 7. The method of claim 1, wherein the first corresponding message is modified from the first message with respect to one or more display parameters.
- 8. A security method for a computer, the method comprising: providing a security device connected to a communication port of the computer and having a separate communication connection to an external device to enable communication between the computer and the external device; and at the security device: sending one or more request for information messages to the external device regarding operation mode capabilities of the external device; receiving a first message among one or more response messages from the external device indicating operation modes supported by the external device, the first message having the computer as a first intended destination from the external device; verifying the first message; one of: if the first message is verified as legitimate, sending a first corresponding message to the computer; or if the first message is not verified as legitimate, not sending the first corresponding message to the computer; and storing data from the one or more response messages; wherein the first corresponding message is modified to cause the external device to appear, to the computer, to be an external device having different apparent parameters corresponding to operation modes supported by the external device than actual parameters corresponding to operation modes supported by the external device in a manner limiting exposure of one or more device drivers among a plurality of device drivers of the computer to the external device.
- 9. The method of claim 1, wherein the external device is a monitor.
- 10. A security device comprising: a first communications module configured to be connected to a communication port of a computer; a second communications module configured to be connected to an external device to enable communication over a bidirectional link between the computer and the external device and communication over a unidirectional link from the computer to the external device; and a processor configured to: when the second communications module receives a first message via the bidirectional link having the computer as a first intended destination from the external device, verify the first message; and one of: if the first message is verified as legitimate, send a first corresponding message from the first communications module to the computer; or if the first message is not verified as legitimate, not send the first corresponding message to the computer; and when the first communications module receives a second message via the unidirectional link from the computer to the external device, forward the second message to the external device without analysis; wherein the first corresponding message is modified when sent over the bidirectional link to cause the external device to appear, to the computer, to be an external device having different apparent parameters corresponding to functionality of the external device than actual parameters corresponding to functionality of the external device in a manner limiting exposure of one or more device drivers among a plurality of device drivers of the computer to the external device.
- 11. The security device of claim 10, wherein, to verify the first message, the processor is configured to compare the first message to possible messages that the external device may send to the computer.
- 12. The security device of claim 10, wherein the processor is further configured to: receive a third message having the external device as a second intended destination from the computer; and send a second corresponding message to the external device; wherein, to verify the first message, the processor is configured to confirm that the third message having the external device as the second intended destination was received from the computer so that the first message having the computer as the first intended destination received from the external device may be a response to the third message having the external device as the second intended destination received from the computer.
- 13. The security device of claim 10, wherein the processor is further configured to: when the first communications module receives a third message having the external device as a second intended destination from the computer, verify the third message; and one of: if the third message is verified as legitimate, send a second corresponding message from the second communications module to the external device; or if the third message is not verified as legitimate, not send the second corresponding message to the external device.
- 14. The security device of claim 13, wherein, to verify the third message, the processor is configured to compare the third message to possible messages that the computer may send to the external device.
- 15. The security device of claim 10, wherein content for the second message forwarded to the external device is identical to content received for the second message.
- 16. The security device of claim 10, wherein the first corresponding message is modified from the first message with respect to one or more display parameters.
- 17. A security device comprising: a first communications module configured to be connected to a communication port of a computer; a second communications module configured to be connected to an external device to enable communication over a bidirectional link between the computer and the external device and communication over a unidirectional link from the computer to the external device; and a processor configured to: send one or more request for information messages via the second communications module to the external device regarding operation mode capabilities of the external device; when the second communications module receives a first message among one or more response messages from the external device indicating operation modes supported by the external device, the first message having the computer as a first intended destination from the external device, verify the first message; one of: if the first message is verified as legitimate, send a first corresponding message from the first communications module to the computer; or if the first message is not verified as legitimate, not send the first corresponding message to the computer; and when the second communications module receives the one or more response messages from the external device, store data from the one or more response messages; wherein the first corresponding message is modified to cause the external device to appear, to the computer, to be an external device having different apparent parameters corresponding to operation modes supported by the external device than actual parameters corresponding to operation modes supported by the external device in a manner limiting exposure of one or more device drivers among a plurality of device drivers of the computer to the external device.
- 18. A non-transitory computer-readable medium comprising instructions that, when executed by a processor of a security device, cause the processor to: receive a message having a computer as an intended destination from an external device via a bidirectional link at a security device connected to a communication port of the computer and having a separate communication connection to the external device to enable communication over the bidirectional link between the computer and the external device and communication over a unidirectional link from the computer to the external device; verify the message; and one of: if the message is verified as legitimate, send a corresponding message to the computer; or if the message is not verified as legitimate, not send the corresponding message to the computer; and in response to receiving a second message via the unidirectional link from the computer to the external device, forward the second message to the external device without analysis; wherein the corresponding message is modified when sent over the bidirectional link to cause the external device to appear, to the computer, to be an external device having different apparent parameters corresponding to functionality of the external device than actual parameters corresponding to functionality of the external device in a manner limiting exposure of one or more device drivers among a plurality of device drivers of the computer to the external device.
Description
CROSS-REFERENCE TO RELATED APPLICATION AND PRIORITY CLAIM

This application claims priority under 35 U.S.C. § 119(e) to United Kingdom Patent Application No. 2301092.9 filed on Jan. 25, 2023, which is hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

The present application relates to a security method and device for providing security for a computer, and in particular to a security method and device for providing security for a computer connected to a display device.

BACKGROUND TO THE INVENTION

Computers are commonly connected to external devices, such as peripheral devices, in order to provide desired functionality which cannot be provided by the computer itself. For example, a computer may be connected to peripheral devices such as a visual display device, a keyboard, or the like.

External devices such as computer peripheral devices are commonly able to carry out bidirectional communications with a connected computer. This bidirectional communication is often required in order to enable the computer to identify the capabilities and operational parameters of the external device, so that the computer can send appropriate instructions and data to the external device in operation.

However, a problem which can arise is that an external device may use this bidirectional communication to introduce harmful code or data into the computer, either accidentally, or maliciously. For example, malicious actors may place code in an external device which can be used to take control of the computer, or to access the memory of the computer and steal sensitive information, for example by taking advantage of bugs in external device drivers of the computer.
In other examples, even without any malicious intent, a faulty external device could send unintended and unanticipated data to a computer through the bidirectional communication link which data can interact with the external device drivers of the computer in a manner harmful to the proper operation of the computer.

The inventors have devised the claimed invention in light of the above considerations. The embodiments described below are not limited to implementations which solve any or all of the disadvantages of the known approaches described above.

SUMMARY OF INVENTION

This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter; variants and alternative features which facilitate the working of the invention and/or serve to achieve a substantially similar technical effect should be considered as falling into the scope of the invention.

The invention is defined as set out in the appended set of claims.

In a first aspect of the present invention, there is provided a security method for a computer, the method comprising: providing a security device having a communication connection to the computer and a separate communication connection to an external device; and at the security device: receiving a message having the computer as the intended destination from the external device; verifying the message; and if the message is verified as legitimate, sending a corresponding message to the computer; or if the message is not verified as legitimate, not sending a corresponding message to the computer.

This may provide the advantage of preventing messages which are incorrect or comprise malicious code sent from the external device being received by the computer, and so reducing or preventing the risk of accidental or malicious interference in the operation of the computer.
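The first aspect above, as an added example that is not code from the patent: a gateway in C that drops a device message unless it answers a request the computer actually sent (claim 3) and matches the one permitted shape (claims 2 and 5), then rebuilds the reply with reduced apparent operation modes (claim 8). The message types, struct layout and the `APPARENT_MODES` mask are assumptions invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message format for illustration; not taken from the patent. */
enum { REQ_MODES = 0x01, RSP_MODES = 0x81 };
#define APPARENT_MODES 0x03u  /* assumed fixed mode set shown to the computer */

typedef struct { uint8_t type; uint8_t len; uint8_t data[8]; } msg_t;
typedef struct { uint8_t pending; uint8_t stored_modes; } gateway_t;

/* Computer -> device: allow only known requests and remember what was asked. */
int from_computer(gateway_t *gw, const msg_t *in, msg_t *out) {
    if (in->type != REQ_MODES || in->len != 0) return 0;  /* not a possible message */
    gw->pending = in->type;
    *out = *in;
    return 1;
}

/* Device -> computer: verify, then emit a rebuilt message or nothing. */
int from_device(gateway_t *gw, const msg_t *in, msg_t *out) {
    /* Check 1: must be a response to a request the computer actually sent. */
    if (gw->pending != REQ_MODES || in->type != RSP_MODES) return 0;
    /* Check 2: must match the single permitted shape for this response. */
    if (in->len != 1) return 0;
    gw->pending = 0;                    /* one response per request */
    gw->stored_modes = in->data[0];     /* keep the actual parameters */
    /* Rebuild rather than forward: the computer sees only the apparent set. */
    memset(out, 0, sizeof *out);
    out->type = RSP_MODES;
    out->len = 1;
    out->data[0] = in->data[0] & APPARENT_MODES;
    return 1;
}

int main(void) {
    gateway_t gw = {0};
    msg_t req = { REQ_MODES, 0, {0} }, rsp = { RSP_MODES, 1, {0xFF} }, out;
    int unsolicited = from_device(&gw, &rsp, &out);  /* 0: nothing was asked */
    from_computer(&gw, &req, &out);
    int answered = from_device(&gw, &rsp, &out);     /* 1: modes become 0x03 */
    printf("unsolicited=%d answered=%d modes=0x%02X\n",
           unsolicited, answered, (unsigned)out.data[0]);
    return 0;
}
```

Because the reply is rebuilt field by field, bytes the device appends beyond the permitted shape never reach the computer's driver, even when the message type itself is valid.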
In some embodiments, verifying the message comprises comparing the message to possible messages which the external device may send to the computer. This may provide the advantage of an efficient and effective way of identifying messages which may be incorrect or comprise malicious code.

In some embodiments, the method further comprises, at the security device: receiving a message having the external device as the intended destination from the computer; and sending a corresponding message to the external device; wherein verifying the message comprises confirming that a message having the external device as the intended destination was received from the computer, so that the message having the computer as the intended destination received from the external device may be a response to the message having the external device as the intended destination received from the computer. This may provide the advantage of an efficient and effective way of identifying messages which may be incorrect or comprise malicious code.

In some embodiments, the method further comprises, at the security device: receiving a message having the external device as the intended destination from the computer; verifying the message; and if the message is verified as legitimate, sending a corresponding message to the external device; or if