The Universal Serial Bus (USB) is a standard interface for connecting peripherals to personal computers. The USB eliminates the need to install controller cards into dedicated slots on the computer motherboard as well as avoiding the need to configure a port to allow communication with a specific peripheral device. The USB approach provides ‘plug and play’ functionality which allows a wide variety of devices such as mice, printers, video capture hardware, modems, etc. to be connected to a personal computer with little or no configuration.
All USB devices are connected to a corresponding host computer through a specific connector type using a tiered-star topology. The host computer includes a single USB host controller which provides the interface between the USB network and the host personal computer and controls all access to USB resources and monitors the bus's topology. The network can be extended by means of one or more USB hubs which provides further attachment points for additional USB devices.
As there is no need to a user to configure the host computer or install interface cards, any USB device may be connected to a computer simply by plugging the device into an available USB port. There is generally also no need to power down the computer as ‘hot-plugging’ is an explicit and highly advantageous feature of the USB architecture.
Given that most personal computers are now shipped with one or more USB ports, the ease of attaching USB peripherals raises the issue of security and control of USB host computers in certain situations. Such situations include computers located in public access environments such as universities and libraries. It is of course possible to physically disconnect the USB ports from the host controller. However, this may require the computer to be partially dismantled and may raise issues of warranty invalidation and accidental damage to the computer hardware. It may also be possible to physically prevent USB devices from being plugged into the machine by shielding or masking the USB ports themselves. However, neither of these solutions is desirable as they are inflexible, can be physically tampered with, require at least a minimum of technical knowledge and may not be reversible.
At a more technical level, it is relatively straightforward for a system administrator to enable or disable a USB port in software. However, it is presently not possible to select or limit the specific devices or class of devices that can be plugged into a USB host computer, hub or other point on a USB network. This capability would be highly desirable in, for example, a corporate context where it may be necessary for a user of a hand-held or portable computing device to temporarily connect to a host computer to update mobile databases, upload meeting agendas etc, while perhaps preventing a card reader, input device or other unauthorised peripheral from being connected to the host computer. On the other hand, a system administrator may wish to restrict the class or devices available for connection to only output devices such as portable printers etc. Thus a substantial degree of flexibility is needed to satisfy these requirements, such flexibility being unavailable at the present time.
There therefore exists a need to be able to dynamically and flexibly configure device access and authorization to a USB network in a way which is reversible, configurable and preferably performed in software. Ideally, this configuration may optionally be achieved by means of a network or direct connection with the USB host computer.
It is the object of the present invention to provide a solution to the abovementioned task, or to at least ameliorate the problems outlined above, which is capable of being effected in hardware or software and is effective, flexible and inexpensive to implement and administer.