US 20130340069A1

(19) United States
(12) Patent Application Publication
     Yoffe et al.
(10) Pub. No.: US 2013/0340069 A1
(43) Pub. Date: Dec. 19, 2013

(54) SECURITY SWITCH
(71) Applicants: Simon Yoffe, Givat Shmuel (IL); David Yoffe, Givat Shmuel (IL)
(72) Inventors: Simon Yoffe, Givat Shmuel (IL); David Yoffe, Givat Shmuel (IL)
(21) Appl. No.: 13/969,748
(22) Filed: Aug. 19, 2013

Related U.S. Application Data
(63) Continuation-in-part of application No. 13/020,042, filed on Feb. 3, 2011, now Pat. No. 8,522,309, which is a continuation-in-part of application No. 11/741,751, filed on Apr. 29, 2007, now Pat. No. 8,090,961.
(60) Provisional application No. 60/881,510, filed on Jan. 22, 2007.

(30) Foreign Application Priority Data
     Feb. 5, 2010 (RU) 201000159

Publication Classification
(51) Int. Cl. G06F 21/30 (2006.01)
(52) U.S. Cl. CPC G06F 21/30 (2013.01); USPC 726/17

(57) ABSTRACT

System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device.

[Drawing sheets 1 to 16 (FIGS. 1-18) are not reproduced in this transcript; each figure is described under BRIEF DESCRIPTION OF THE DRAWINGS.]

SECURITY SWITCH

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is a Continuation in Part of U.S. patent application Ser. No. 13/020,042, titled "Security Switch" and filed Feb. 3, 2011 (now U.S. Pat. No. 8,522,309), which was a Continuation in Part of U.S. patent application Ser. No. 11/741,751 titled "Security Switch" and filed 29 Apr. 2007, which claimed priority from U.S. Provisional Patent Application No. 60/881,510 filed 22 Jan. 2007. This application further claims priority from Russian patent application No. 201000159 filed 5 Feb. 2010, now allowed as EAPO patent No. 013885. All of the abovementioned patents and patent applications are incorporated herein by reference in their entirety.

TERMS

[0002] Authorized user: owner or permitted operator of a personal device.

[0003] Unauthorized user: any user or software that does not have an explicit permission to operate the personal device.

[0004] Unauthorized access: any attempt of an unauthorized user to access or operate a personal device.

[0005] False indication/notification: an indication showing one state, while another "real" state is different.

[0006] Hooked component: a component connected in parallel with other device(s) to the same input element, in such a way that both devices can operate together, but the hooked component is isolated from the other device(s).

[0007] "Man in the middle": a component logically placed between two other components and which can control the information passed between the two other components.

[0008] Secure input: an input readable only to a permitted component, meaning that the input of the permitted component cannot be revealed by other components.

[0009] Internal: enclosed within an envelope or surface of the personal device or positioned at least partially on the surface of the envelope of the personal device.

[0010] External: separate from a personal device but which can be connected to the personal device or plugged into the personal device.

[0011] Isolated switch: a switch that cannot be operated or affected by any entity or factor except an authorized user.

[0012] Independent operation: an operation that cannot be affected by any entity or factor except an authorized user.

[0013] Isolated controller: a controller that cannot be operated or affected by any entity or factor except an authorized user.

FIELD AND BACKGROUND

[0014] Embodiments disclosed herein relate to the security of personal communication or computing devices which communicate with other devices which use software for operation. Personal software operated devices or appliances (hereinafter "personal devices") such as mobile phones, IP phones, pocket PCs, PDAs, laptop computers, desktop computers and network switches, use a variety of hardwired or wireless communication means for communication with other devices. A remote unauthorized user can adversely use these communication means to try and break open the personal device security and obtain personal and other information on the personal device user or owner, or to perform unauthorized operations on the user's behalf. A single personal device may have a number of different communication means such as phone-lines, cables, a wireless LAN, Bluetooth, etc., which only increases the security risk. These communication means can be used to retrieve private information, audio/video information, user location information (track where the user is located when the personal device is using out communication) or transmitted information, and can be used for transmitting data on the user's behalf without his/her knowledge.

[0015] Devices with permanently installed or accessory sensor components such as a microphone, earphone(s), speakers, camera, etc., are able to capture the information at a user location. Devices with permanently installed or accessory communication components such as a modem, a LAN adapter, a wireless LAN adapter, Bluetooth, GSM, etc., are able to transmit information and may reveal the user location. When signals are transmitted from the user location, the transmission can be used for tracking the user location. Components of a device/appliance that are controlled by software and electronic switching devices may be controlled by an unauthorized user even if they were disabled earlier by the authorized user. The components can be controlled without the user noticing the change in mode of operation. For example, a mobile phone may look "switched off" but may still be functioning or even transmitting, making a call or sending an SMS on the user's behalf, or capturing private conversations around its location.

[0016] Local authorized or unauthorized users can easily modify the software operating the personal device, thereby causing a security breach, e.g. by downloading a virus-affected software update. This scenario of software modification is very common: on one hand it is much easier than hardware modification, and on the other hand it is much harder to verify such a modification, or notice unwanted change.

[0017] At present, the problem of unauthorized access is handled by different types of security software such as firewalls, anti-virus programs, anti-spyware programs and security systems. However, each new software security system is eventually overcome by new hacking methods, viruses, worms, Trojans and other threats. This creates an endless competition between security providers and unauthorized users. In essence, software security is hard to implement and/or prove. Even if the theoretical model of the security is proven, there may still be a mistake or bug in the implementation that allows a break in the security. Consequently, software security solutions cannot be trusted.

[0018]-[0019] Hardware security solutions are known and include: devices used to isolate telephone lines in order to prevent unauthorized capture of audio information from a phone user (see U.S. Pat. No. 5,402,465 and US Pat. Application No. 20050271190); data line switches for computers that disconnect a computer line physically from the Internet, working in manual and/or automatic mode (US Pat. Application No. 20030062252); a power off method for a wireless peripheral device, which terminates power to all parts of the wireless device except the control chip by a certain operation on a connect button (US Pat. Application No. 20050009496); a switch that powers-on a PDA in response to the stylus being removed from the PDA's stylus holder and, selectably, powers-off the PDA in response to the stylus being replaced into the PDA (U.S. Pat. No. 6,233,464); a mobile phone with two input modes, whereby a switch of input modes is attained by changing an electrical connection between the main printed circuit board (PCB) in the phone and the front and back PCBs (U.S. Pat. No. 7,031,758); the NetSafe Computer Security Switch, which uses a simple physical switching technology in a way that allows a computer or group of computers to quickly and easily block a communications signal from entering the computer(s) and restart the signal without any software and without the need to power down, reboot, or run software on the computer(s) (US Pat. Application No. 20040243825); a wireless button for laptops, offered by the Hewlett-Packard Corporation in its line of Pavilion laptops (hereinafter the "HP wireless button"), which enables or disables all integrated wireless components in the laptop (e.g. WiFi and Bluetooth), and a wireless light that simultaneously indicates the computer's overall wireless state (enabled or disabled); the portable electronic device that disconnects a receiving antenna from the duplexer of a mobile phone (US Pat. Application No. 20040203536A1).

[0020] All existing protection solutions suffer from one of two disadvantages: either the switch is "external" and can therefore be tampered with by an external factor, or the switch is internal but not fully isolated from the device itself (and therefore can be manipulated by the software of the device). Consequently, existing solutions cannot provide simultaneous temporary protection from audio/video information capture, cannot provide simultaneous temporary protection from both audio/video information capture and unauthorized access and user location/device location, and cannot provide secure security mode exit or prevent capture of the logic required for exiting the security mode. Existing internal switches cannot provide prevention of false notification about the device security mode in a device with already broken software security, i.e. in a state in which an unauthorized user gains access or control of the personal device despite software protection solutions.

[0021] There is therefore a widely recognized need for, and it would be highly advantageous to have, a simple internally isolated hardware security solution for the users of the above mentioned personal devices that does not suffer from the above mentioned software and hardware solution disadvantages.

SUMMARY

[0022] Embodiments disclosed herein disclose hardware security solutions that overcome the problems of hardware and software security solutions mentioned above. They provide a user of a personal device with hardware means for protecting information such as private information, audio/video information, user location information or transmission information and for performing operations securely. The hardware means, referred to as "security switch" or "isolated switch", are internal to the personal device and are isolated, both "internal" and "isolated" being defined above. The "isolation" also means that the control elements of the switch do not have any external communication capability and are protected from remote operation/manipulation.

[0023] In some embodiments a security switch disclosed herein is a component having (a) control elements that are not connected electrically to an environment from which they should be isolated and shielded, or that are decoupled in such a way that both electrical and magnetic fields cannot influence their operation, and (b) switching elements that cannot be connected, disconnected or bypassed by elements other than the control elements in (a).

[0024] The security switch may be mechanical (i.e. electrical contacts switched mechanically) or electronic/electrical. When mechanical, its control is already isolated because it can be operated only by manual physical operation of the user, not by the device itself. A mechanically operated switch should not have an electrically operated bypass. When electronic/electrical, the security switch is isolated electrically, i.e. completely separated electrically from other elements or components of the personal device.

[0025] The principle of operation of the security switch disclosed herein relies solely on manual disconnection (or connection) of audio/video/communication or power supply components in the personal device in order to avoid unauthorized access to the information or personal device. This provides full isolation even in cases of full access to the device software or remote access to electronic components of the device, in the sense that an unauthorized user is not able to connect electrical circuits that are switched off manually, and a beneficial side effect of power saving in case of power supply disconnection.

[0026] Two main modes of operation are provided: "mode 1", manual switching by an authorized user (or simply "user") for preventing capture of audio/video information from the user; "mode 2", manual switching by the authorized user for preventing unauthorized determination of the user location or capture of other information. In mode 1, the user can receive visual information (for example incoming calls, SMS, memos, files, etc.) yet is protected from being listened to, recorded or visually captured by unauthorized access to his personal device. In mode 2, the communication to the device is completely disconnected, so the device location cannot be discovered by any means and no information transfer is possible. There is also a possibility to combine modes 1 and 2 into a "combined mode". Note that mode 2 is not a substitute for mode 1, since in case of unauthorized access, audio/video information can be captured and stored in the device memory, then transmitted after the user exits mode 2.

[0027] The switch allows the user of a personal device to temporarily change the mode of operation when in need of privacy and wanting to avoid the possibility of being spied on through capture of his/her audio/video information or tracking of his/her location. A manually operated security switch allows the user to disconnect components that can capture audio/video and user input information or transmit signals from/to the user's personal device. When an electrical circuit is broken manually, it cannot be reconnected by an unauthorized user even in case of full access to the device software or by remote access to an electronic personal device. When all components capable of capturing audio/video information, i.e. microphone(s), headphone(s), speaker(s), and camera(s), are disconnected, information cannot be obtained by an unauthorized user. When all components capable of transmitting a signal from or to a user's device or appliance (i.e. RF, WiFi, Bluetooth, NFC, and LAN) are disconnected, the user location and other private information cannot be obtained by an unauthorized user. Embodiments of systems and methods disclosed herein are not concerned with software security, but with protecting certain private information by disabling devices capable of capturing information or transmitting signals, even in cases when the device security is already broken. The protection is based on an operation that can be performed only by an authorized user (manual disconnection of the relevant components) and that cannot be performed by the software of the device or by the device itself. The protection is further based on the principle that the operation is not known to the software of the device or to the device itself.

[0028] In some embodiments, there is disclosed a system for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation, the personal device having an envelope or surface, the system comprising an internal isolated switch having operating functions that cannot be affected by either the personal device core or by a peripheral device, wherein the isolated switch includes an internal component located within the envelope or at least partially on the surface of the personal device and wherein the isolated switch internal component is selected from the group consisting of a mechanical element without an electrically operated bypass and an electronic/electrical element separated electrically from elements or components of the personal device.

[0029] In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, wherein the isolated internal and external components trigger together the isolated switch operation.

[0030] In some embodiments, the peripheral device may be a sensor device, for example a microphone, earphone(s), speakers, camera, etc. In some embodiments, the peripheral device may be a communication device, for example a modem, LAN adapter, wireless LAN adapter, Bluetooth device, GSM device, RF device, etc.

[0031] In some embodiments, the peripheral device may be a user input device, for example a keyboard, touch screen, etc. In some embodiments, the peripheral device may be a USB device, for example a USB "key" or mass storage device (MSD), a USB Bluetooth device, a USB wireless device or any other known USB device.

[0032] In some embodiments, the peripheral device may be a non-USB MSD, a display, a memory, etc.

[0033] In some embodiments there is provided a method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation, comprising the steps of providing an internal isolated switch having operating functions that cannot be affected by either the personal device core or the peripheral device, wherein the isolated switch includes an internal component located within the envelope or at least partially on the surface of the personal device, wherein the isolated switch internal component is selected from the group consisting of a mechanical element without an electrically operated bypass and an electronic/electrical element separated electrically from elements or components of the personal device, and wherein the isolated switch is configured to act as man in the middle between the device core and the peripheral device, and using the isolated switch to protect the device from unauthorized use or access.

BRIEF DESCRIPTION OF THE DRAWINGS

[0034] Reference will be made in detail to preferred embodiments disclosed herein, examples of which may be illustrated in the accompanying figures. The figures are intended to be illustrative, not limiting. Although the invention is generally described in the context of these preferred embodiments, it should be understood that it is not intended to limit the spirit and scope disclosed herein to these particular embodiments. The structure, operation, and advantages of the present preferred embodiment disclosed herein will become further apparent upon consideration of the following description, taken in conjunction with the accompanying figures, wherein:

[0035] FIG. 1 shows a first embodiment of a personal device with a security switch disclosed herein;

[0036] FIG. 2 shows another embodiment of a personal device with a security switch disclosed herein;

[0037] FIG. 3 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0038] FIG. 4 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0039] FIG. 5 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0040] FIG. 6 shows an embodiment of a personal device with an input solution for security switch disclosed herein;

[0041] FIG. 7 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0042] FIG. 8 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0043] FIG. 9 shows an example of an electro-mechanical implementation of an isolated switch disclosed herein;

[0044] FIG. 10 shows an example of an electrical implementation of an isolated switch disclosed herein;

[0045] FIG. 11 shows another example of an electrical implementation of an isolated switch disclosed herein;

[0046] FIG. 12 shows an example of an electrical/electronic implementation of an isolated switch disclosed herein;

[0047] FIG. 13 shows an example of an electro-mechanical implementation of an isolated switch disclosed herein;

[0048] FIG. 14 shows an example of an electro-mechanical implementation of isolated switch disclosed herein;

[0049] FIG. 15 shows yet another embodiment of a personal device with a security switch disclosed herein;

[0050] FIG. 16 shows an example of electrical/electronic implementation of an isolated switch with partial disconnection disclosed herein;

[0051] FIG. 17 shows an example of electrical/electronic implementation of an isolated switch with isolated controller disclosed herein;

[0052] FIG. 18 shows an example of electrical/electronic implementation of an isolated switch with external and internal components for mutual triggering of operation disclosed herein.

DETAILED DESCRIPTION

[0053] The invention discloses security systems and devices for protecting personal devices and their users from unauthorized access, operation, identity theft or information theft. In particular, the invention discloses a security switch that provides total protection of information related to the personal device or a user of the device. In the following description, like elements appearing in different figures are numbered identically.

[0054] FIG. 1 shows a first embodiment 50 of a personal device with a security switch disclosed herein. Personal device 50 includes a device core 100, an isolated switch 102 and at least one peripheral device 104. The dotted arrows indicate an optional direct connection between device core 100 and peripheral device 104 and/or between device core 100 and isolated switch 102. Device core 100 operates by software and may include one or more controllers (e.g. central processing units (CPUs)), one or more memory units and one or more power management modules.