Protecting a system from attack via a device attached to a usb port
US-2022019549-A1 · Jan 20, 2022 · US
US11373014B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11373014-B2 |
| Application number | US-202016947173-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 21, 2020 |
| Priority date | Jul 21, 2020 |
| Publication date | Jun 28, 2022 |
| Grant date | Jun 28, 2022 |
Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.
Claims.

What is claimed is:

1. A host computing system comprising: a port management integrated-circuit chip (IC), a plurality of peripheral device hubs, and a manageability controller, wherein each hub of the plurality of peripheral device hubs comprises at least one port, wherein the port management IC comprises a machine readable medium storing program instructions, and a processing resource operably coupled to the machine readable medium, wherein the processing resource executes the program instructions to: receive a first data from the plurality of peripheral device hubs, wherein the first data comprises a plurality of device identifiers of a first peripheral device and a port identifier of the at least one port; communicate the first data to the manageability controller; receive at least one security action from the manageability controller, wherein the at least one security action is determined by the manageability controller based on comparison of the first data with a second data comprising a plurality of access control rules, wherein the at least one security action is linked to each access control rule, and wherein each access control rule has the port identifier of the at least one port, mapped to a plurality of predetermined device identifiers of a second peripheral device; and implement the at least one security action on the at least one port.

2. The host computing system of claim 1, wherein the at least one security action comprises at least one of accepting the first peripheral device, rejecting the first peripheral device, or disabling the at least one port.

3. The host computing system of claim 1, wherein a hub of the plurality of peripheral device hubs is to obtain the first data upon plugging or mounting of the first peripheral device to the at least one port belonging to the hub.

4. The host computing system of claim 1, wherein the processing resource further executes the program instructions to log the at least one security action implemented on the at least one port upon plugging or mounting of the first peripheral device to the at least one port, in a log file.

5. The host computing system of claim 1, wherein the at least one security action is linked to each access control rule is determined based on a type of the second peripheral device.

6. The host computing system of claim 1, wherein the at least one port comprises one of a physical port or a virtual port.

7. The host computing system of claim 1, wherein the first and second peripheral devices comprise a universal serial bus (USB) device.

8. The host computing system of claim 1, wherein the at least one port comprises a universal serial bus (USB) port.

9. The host computing system of claim 1, wherein the plurality of predefined device identifiers comprises a vendor identifier of the second peripheral device, a class description of the second peripheral device, and a sub-class description of the second peripheral device.

10. A method comprising: receiving, by a port management integrated-circuit chip (IC) of a host computing system, a first data from a plurality of peripheral device hubs, wherein the first data comprises a plurality of device identifiers of a first peripheral device and a port identifier of at least one port; communicating, by the port management IC, the first data to the manageability controller of the host computing system; receiving, by the port management IC, at least one security action from the manageability controller, wherein the at least one security action is determined by the manageability controller based on comparison of the first data with a second data comprising a plurality of access control rules, wherein the at least one security action is linked to each access control rule, wherein each access control rule has the port identifier of the at least one port, mapped to a plurality of predetermined device identifiers of a second peripheral device, and wherein the manageability controller and the port management IC are discrete components; and implementing, by the port management IC, the at least one security action on the at least one port.

11. The method of claim 10, wherein the at least one security action comprises at least one of accepting the first peripheral device, rejecting the first peripheral device, or disabling the at least one port.

12. The method of claim 10, further comprising, obtaining, by a hub of the plurality of peripheral device hubs, the first data upon plugging or mounting of the first peripheral device to the at least one port belonging to the hub.

13. The method of claim 10, further comprising, logging, by the port management IC, the at least one security action implemented on the at least one port upon plugging or mounting of the first peripheral device to the at least one port, in a log file.

14. The method of claim 10, wherein the at least one security action linked to each access control rule is determined based on a type of the second peripheral device.

15. The method of claim 10, wherein the at least one port comprises one of a physical port or a virtual port.

16. The method of claim 10, wherein the first peripheral device and the second peripheral device comprise a universal serial bus (USB) device, and wherein the at least one port comprises a universal serial bus (USB) port.

17. The method of claim 10, further comprising, one or more of receiving or updating, by the manageability controller, the second data through a web-console of the manageability controller or through a representational state transfer (RESTful) command.

18. The method of claim 10, wherein the plurality of predefined device identifiers comprises a vendor identifier of the second peripheral device, a class description of the second peripheral device, and a sub-class description of the second peripheral device.

19. A non-transitory machine readable medium storing instructions executable by a processing resource of a port management integrated-circuit chip (IC), the instructions comprising: instructions to receive a first data from a plurality of peripheral device hubs, wherein the first data comprises a plurality of device identifiers of a first peripheral device and a port identifier of at least one port; instructions to communicate the first data to a manageability controller of the host computing system; instructions to receive at least one security action from the manageability controller, wherein the at least one security action is determined by the manageability controller based on comparison of the first data with a second data comprising a plurality of access control rules, wherein the at least one security action is linked to each access control rule, wherein each access control rule has the port identifier of the at least one port, mapped to a plurality of predetermined device identifiers of a second peripheral device, and wherein the manageability controller and the port management IC are discrete components; and instructions to implement the at least one security action on the at least one port.

20. The non-transitory machine readable medium of claim 19, wherein the at least one security action comprises at least one of accepting the first peripheral device, rejecting the first peripheral device, and disabling the at least one port.
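The rule comparison the claims assign to the manageability controller (port identifier mapped to vendor id, class and sub-class; action accept, reject or disable port; decision logged per claims 4 and 13), modelled as an added Python example that is not the patent's own code. The `None` wildcard, the deny-by-default fallback, the port names and the vendor id 0x1234 are this example's assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    DISABLE_PORT = "disable_port"

@dataclass(frozen=True)
class DeviceData:
    """The 'first data' a hub reports on plug-in: port id plus device identifiers."""
    port_id: str
    vendor_id: int
    device_class: int
    sub_class: int

@dataclass(frozen=True)
class AccessRule:
    """A port id mapped to predetermined identifiers; None means 'any'
    (the wildcard is this example's assumption, not the patent's)."""
    port_id: str
    vendor_id: int | None
    device_class: int | None
    sub_class: int | None
    action: Action
    def matches(self, data: DeviceData) -> bool:
        wanted = (self.port_id, self.vendor_id, self.device_class, self.sub_class)
        got = (data.port_id, data.vendor_id, data.device_class, data.sub_class)
        return all(w is None or w == g for w, g in zip(wanted, got))

def decide(data: DeviceData, rules: list[AccessRule],
           default: Action = Action.REJECT, log: list[str] | None = None) -> Action:
    """First matching rule wins; an unmatched device gets `default` (deny by
    default is this example's choice). Each decision is appended to `log`,
    mirroring the log file of claims 4 and 13."""
    action = next((r.action for r in rules if r.matches(data)), default)
    if log is not None:
        log.append(f"port={data.port_id} vid={data.vendor_id:#06x} class={data.device_class:#04x} "
                   f"sub={data.sub_class:#04x} action={action.value}")
    return action

# Constructed sample policy (vendor id 0x1234 is a placeholder): usb1 accepts one
# vendor's HID (class 0x03) devices, any mass-storage (class 0x08) device on usb1
# disables that port, and usb2 is closed to everything.
RULES = [
    AccessRule("usb1", 0x1234, 0x03, None, Action.ACCEPT),
    AccessRule("usb1", None, 0x08, None, Action.DISABLE_PORT),
    AccessRule("usb2", None, None, None, Action.DISABLE_PORT),
]
```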
CPC classification titles:
- input devices, e.g. keyboards, mice or controllers thereof
- interconnection devices, e.g. bus-connected or in-line devices
- Tools and structures for managing or administering access control systems
- by creating or determining hardware identification, e.g. serial numbers
- on a serial bus, e.g. I2C bus, SPI bus (on daisy chain buses G06F13/4247)