In a typical personal computer (PC), a peripheral device is attached to a single communication port. A typical PC generally comprises two serial communication ports and one parallel communication port. This arrangement imposes limitations on the number of peripherals that can be attached to the PC and imposes certain difficulties in adding and removing the peripherals. Typically, peripherals that are mounted outside the PC are connected through a communication port. But there are usually only a few communication ports available. Alternatively, a peripheral device may be attached to a PC through an adapter attached to one of the bus slots of the PC motherboard. This approach requires managing computer resources and requires a careful configuration of the device.
A Universal Serial Bus (USB) solves many types of PC input/output (I/O) problems (e.g., configuration, resources management, port connection, etc.). A USB also provides additional new I/O capabilities. A USB enables the simultaneous connection of many peripheral devices on one bus. Moreover, the connection of USB devices may be performed by simply plugging the peripheral device into the USB bus. When a USB peripheral is connected, it is automatically detected, characterized, and configured by the system without requiring any user interaction. Devices may be added or removed while the PC is powered up and running, so that switching the power off is not required.
To understand the present invention, it is necessary to understand USB operations. Therefore it is necessary to describe USB operations in detail. FIG. 1 schematically illustrates an exemplary USB tiered-star topology 120. USB topology 120 comprises three elements. The three elements are a Host computer (“Host”) 100, Hub devices 110-113, and Functions F1-F6 (“USB devices”). These three elements work together to allow data to flow between Host 100 and the USB devices.
USB Host Controller 103 organizes the data in the form of data packets. USB Host Controller 103 also controls the flow of data and control information over a USB bus (shown schematically in FIG. 1). Host 100 comprises USB Client Software 101 and USB System Software 102. Each USB device has its dedicated Client Software that Host 100 utilizes to interact with each of the USB devices. The USB System Software 102 manages interactions between USB Host Controller 103 and Client Software 101. The Functions F1-F6 are actually different types of USB devices, such as a USB keyboard or a USB mouse. Functions F1-F6 are able to transmit or receive data or control information over the USB Bus. Hub devices (“Hubs”) 110-113 are special USB devices that act as expansion points for the USB, providing a connection to other USB devices. Each Hub comprises some USB ports, P1-P4, to which other USB devices (Functions and/or Hub devices) may be connected.
The USB tiered-star topology consists of individual tiers, which are defined according to the number of USB Hubs that connect them to Host Hub 110 (the root Hub). The tiered-star topology shown in FIG. 1 comprises four (4) tiers. The first tier is referred to as Tier 1. Tier 1 comprises Host Hub 110 embedded within Host 100. The second tier, Tier 2, comprises the devices that are connected to Host Hub 110 (i.e., Function F1 and Hub 111). The third tier, Tier 3, comprises the USB devices that are connected to Hub 111 in the second tier (i.e., Hub 112, Hub 113, Functions F2 and F3). The fourth tier, Tier 4, comprises the USB devices that are connected to Hub 112 and to Hub 113 of the third tier (i.e., Functions F4, F5, and F6). The USB tiered-star topology supports up to six (6) tiers, and may accommodate up to one hundred twenty-seven (127) peripheral devices.
The tiered topology prevents circular attachments. Information travels between Host 100 and the USB devices in the form of data packets. The communication is carried out in a token polling environment. Data packets moving from a USB device to Host 100 (input devices) are actually moving in an “upstream” direction, while data packets moving from Host 100 to the USB devices (output devices) are actually moving in a “downstream” direction.
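The tiered-star topology and its limits, as an added worked model that is not part of the patent text: it builds the FIG. 1 tree, computes each device's tier as the host walks the tree from the root hub giving every device a unique address, and refuses trees that exceed six tiers or 127 devices. The port assignments within each hub, the breadth-first order of the walk, counting the root hub as one addressed device, and all helper names (`Node`, `hub`, `walk`, `chain`, `fits`) are this example's own assumptions.

```python
"""Model of the USB tiered-star topology of FIG. 1 and its stated limits.
Constructed example, not the patent's code; device names follow the figure."""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAX_TIERS = 6       # text: the topology supports up to six tiers (root hub is Tier 1)
MAX_DEVICES = 127   # text: up to 127 devices; USB addresses are 1..127, 0 is the default address


@dataclass
class Node:
    name: str
    is_hub: bool = False
    ports: List[Optional["Node"]] = field(default_factory=list)  # hub ports, None = empty port
    tier: int = 0       # filled in by walk()
    address: int = 0    # 0 until the host assigns one


def hub(name: str, *attached: Optional[Node], nports: int = 4) -> Node:
    """A hub with `nports` ports; ports not listed in `attached` are left empty."""
    ports = list(attached) + [None] * (nports - len(attached))
    return Node(name, True, ports)


def build_fig1() -> Node:
    """FIG. 1 as described: Host Hub 110 at Tier 1; F1 and Hub 111 at Tier 2; Hub 112,
    Hub 113, F2 and F3 at Tier 3; F4 (on Hub 112), F5 and F6 (on Hub 113) at Tier 4.
    Which port each device occupies is a constructed choice."""
    hub112 = hub("Hub 112", Node("F4"))
    hub113 = hub("Hub 113", Node("F5"), Node("F6"))
    hub111 = hub("Hub 111", hub112, hub113, Node("F2"), Node("F3"))
    return hub("Hub 110", Node("F1"), hub111)


def walk(root: Node) -> Dict[str, Node]:
    """Host-side walk of the tree, breadth first so tiers come out in order. Each device
    gets a tier (hubs between it and the root, plus one) and a unique address. The walk
    refuses a tree that exceeds either stated limit; the root hub counts as one device
    (an assumption of this model)."""
    root.tier, root.address = 1, 1
    seen: Dict[str, Node] = {root.name: root}
    queue = deque([root])
    while queue:
        h = queue.popleft()
        for child in h.ports:
            if child is None:
                continue
            child.tier = h.tier + 1
            if child.tier > MAX_TIERS:
                raise ValueError(f"{child.name} would sit at tier {child.tier} > {MAX_TIERS}")
            if len(seen) >= MAX_DEVICES:
                raise ValueError(f"more than {MAX_DEVICES} devices on the bus")
            child.address = len(seen) + 1       # next unused address
            seen[child.name] = child
            if child.is_hub:
                queue.append(child)
    return seen


def chain(depth: int) -> Node:
    """A straight line of `depth` hubs, each plugged into the previous one (constructed)."""
    node: Optional[Node] = None
    for i in range(depth, 0, -1):
        node = hub(f"Hub{i}", node)
    return node


def fits(root: Node) -> bool:
    """True if the tree respects both the tier limit and the device limit."""
    try:
        walk(root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, node in walk(build_fig1()).items():
        print(f"{name:8s} tier {node.tier} address {node.address}")
    print("6-hub chain fits:", fits(chain(6)), " 7-hub chain fits:", fits(chain(7)))
```

`walk` mutates the nodes it visits, so build a fresh tree for each check; `fits` wraps it for the two limit checks.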
Functions may have different communication flow requirements in accordance with the functionality of a specific device. To improve the utilization of the USB, different communication flows are handled separately. This is carried out by defining endpoints (“Endpoints”) in each device to identify the different aspects of each communication flow. Endpoints are unique identifiable portions of a USB device. Each communication flow is actually performed between Host 100 and an Endpoint by utilizing some bus resources.
USB devices may be addressed physically, electrically, and logically. A logical device entity in the USB system consists of a collection of Endpoints. Information travels to and from logical devices through USB pipes. A USB pipe is an association between an Endpoint on a device and Client Software 101 on Host 100. Pipes are utilized to move data between Client Software 101 and device Endpoints. The data may travel through a USB pipe (1) by utilizing a stream mode in which the transmitted data has no USB defined structure, or (2) by utilizing a message mode in which the transmitted data has some USB defined structure.
In a polled bus, USB Host Controller 103 initiates all data transfers. A transaction starts when USB Host Controller 103 sends a USB Token Packet (also referred to as a “Token”) describing the type and direction of a transaction, along with the USB device address and Endpoint number. The direction of data transfer is specified in the USB Token Packet. The source of the transaction then sends a data packet or indicates that it has no data to transfer. The destination, in general, responds with a handshake packet indicating whether the data transfer was successful.
Each Endpoint is characterized by its bus access requirements. These include the Endpoint frequency and latency requirements (i.e., how often it should be accessed), bandwidth requirements, maximum packet size, and Endpoint number. These are all utilized to determine the type of transfer required between Host 100 and the USB device. Each USB device is required to have a default Endpoint (also referred to as Endpoint zero (0)) which is utilized to initialize and configure the logical device and to provide access to its configuration and status information.
Host 100 queries the USB Hub port status information for indications of attachment or removal of USB devices. When a new USB device is attached to one of the Hub ports, Host 100 enables the Hub port to which the new device is connected. After a Hub port is enabled, Host 100 communicates with the attached device using the default address (i.e., address zero (0)). This default address is used for assigning the attached device its unique address, using a special packet containing the new address that is sent to the default address. Since Host 100 only enables one port at a time (to which only one device is attached), Host 100 can traverse the tree one port and one device at a time and assign a unique address to each device.
For each device connected, Host 100 determines if the new device is a Hub or a Function. The Endpoints of the device are determined and defined at the time of attachment, during which each Endpoint is assigned a unique identifier, referred to as the Endpoint number. The Endpoints are designed only for one direction of communication flow (i.e., either in the upstream direction or in the downstream direction). In this fashion, each Endpoint may be uniquely referenced utilizing its device address, Endpoint number, and communication flow direction.
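The polled transaction (token, data, handshake), the keying of Endpoints by device address, Endpoint number and direction, and the assignment of an address over the default address, as an added simulation that is not part of the patent text. The packets are Python objects, not the USB wire format; `ACK`, `NAK` and `STALL` are the standard USB handshake names used here for illustration, while `TIMEOUT` (no device answered), the 8-byte packet sizes, and the helper names (`new_device`, `transaction`, `read_in`, `write_out`, `assign_address`, `demo`) are this example's own constructions.

```python
"""Simulation of the polled USB transaction, endpoint addressing and default-address
assignment described above. Constructed example, not the patent's code."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Endpoint:
    number: int
    direction: str                                        # "IN" = upstream, "OUT" = downstream
    max_packet: int                                       # maximum packet size for this endpoint
    to_host: Deque[bytes] = field(default_factory=deque)  # data the device has queued for IN tokens
    from_host: List[bytes] = field(default_factory=list)  # data accepted from OUT tokens


@dataclass
class Device:
    address: int                                 # 0 = default address until the host assigns one
    endpoints: Dict[Tuple[int, str], Endpoint]   # keyed by (endpoint number, direction)


@dataclass(frozen=True)
class Token:
    pid: str        # "IN" or "OUT": the direction carried in the token
    address: int    # device address
    endpoint: int   # endpoint number


def new_device() -> Device:
    """A freshly attached device: default address 0, Endpoint 0 in both directions for
    configuration, plus one upstream data endpoint (sizes are constructed)."""
    eps = [Endpoint(0, "OUT", 8), Endpoint(0, "IN", 8), Endpoint(1, "IN", 8)]
    return Device(0, {(e.number, e.direction): e for e in eps})


def transaction(bus: Dict[int, Device], token: Token,
                payload: Optional[bytes] = None) -> Tuple[Optional[bytes], str]:
    """One transaction as the host controller sees it: token, then a data packet from the
    source, then a handshake from the destination. Returns (data received by host, handshake)."""
    device = bus.get(token.address)
    if device is None:
        return None, "TIMEOUT"                  # no device answers at that address
    ep = device.endpoints.get((token.endpoint, token.pid))
    if ep is None:
        return None, "STALL"                    # no endpoint with that number in that direction
    if token.pid == "IN":                       # device is the source, host the destination
        if not ep.to_host:
            return None, "NAK"                  # device indicates it has no data to transfer
        return ep.to_host.popleft(), "ACK"      # host acknowledges the data packet
    if payload is None or len(payload) > ep.max_packet:
        raise ValueError("host must send at most max_packet bytes per OUT packet")  # model check
    ep.from_host.append(payload)                # device is the destination: accept and ACK
    return None, "ACK"


def read_in(bus: Dict[int, Device], address: int, endpoint: int) -> bytes:
    """Host polls the upstream endpoint until the device has nothing more to send."""
    data = b""
    while True:
        packet, handshake = transaction(bus, Token("IN", address, endpoint))
        if handshake != "ACK":
            return data
        data += packet


def write_out(bus: Dict[int, Device], address: int, endpoint: int, payload: bytes) -> List[str]:
    """Host pushes payload downstream one packet of at most max_packet bytes at a time;
    returns the handshake received for each packet."""
    device = bus.get(address)
    ep = device.endpoints.get((endpoint, "OUT")) if device else None
    if ep is None:
        return [transaction(bus, Token("OUT", address, endpoint), b"")[1]]  # TIMEOUT or STALL
    return [transaction(bus, Token("OUT", address, endpoint), payload[i:i + ep.max_packet])[1]
            for i in range(0, len(payload), ep.max_packet)]


def assign_address(bus: Dict[int, Device], new_address: int) -> bool:
    """The host talks to the default address 0 over Endpoint 0 and sends a packet carrying
    the new address; afterwards the device answers only at that address."""
    if not 1 <= new_address <= 127 or new_address in bus:
        return False                            # addresses are 1..127 and must stay unique
    _, handshake = transaction(bus, Token("OUT", 0, 0), bytes([new_address]))
    if handshake != "ACK":
        return False                            # nothing is listening at the default address
    device = bus.pop(0)
    device.address = new_address
    bus[new_address] = device
    return True


def demo() -> dict:
    """Attach one device, address it, read upstream data, write downstream data."""
    bus: Dict[int, Device] = {0: new_device()}
    assigned = assign_address(bus, 5)
    bus[5].endpoints[(1, "IN")].to_host.extend([b"keypress", b"!"])   # constructed device data
    return {
        "assigned": assigned,
        "upstream": read_in(bus, 5, 1),
        "downstream": write_out(bus, 5, 0, b"0123456789ab"),          # 12 bytes -> 8 + 4
        "wrong_direction": transaction(bus, Token("OUT", 5, 1), b"x")[1],  # EP1 is IN only
        "default_gone": transaction(bus, Token("IN", 0, 0))[1],        # address 0 no longer answers
    }


if __name__ == "__main__":
    print(demo())
```

The `(endpoint number, direction)` key is the point of the model: an OUT token to an IN-only endpoint is refused, and once the device has moved off address 0 a token to the default address gets no answer.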
USB devices may comprise several Functions in one physical device. A USB device that has a single address and supports multiple functions utilizing different Endpoints is referred to as a “multi-function” device. On the other hand, several Functions may be comprised in a physical device utilizing an embedded USB Hub, which is referred to as a “composite” device. In this case, however, the different Functions are connected to the USB through the embedded Hub ports, and as such, each Function is assigned a unique address.
FIG. 2 schematically illustrates an exemplary communication flow in a logical domain of a USB system. Client Software 101 utilizes memory buffers 211-214 to receive and transmit information over the USB. As shown in FIG. 2, memory buffers 211-213 are attached to the Endpoints (“EPs”) 231-233 of USB device 200 utilizing “one directional” communication flow pipes 221-223.
Memory buffers 211-214 are assigned from the shared memory of Host 100, and therefore, the contents of memory buffers 211-214 are visible to other entities of Host 100. More particularly, any program that operates on Host 100 may access USB memory buffers 211-214, and read and manipulate their contents. Such accessibility is not desired, especially when a USB is utilized to receive or transmit information of a confidential nature. It should be noted that all the information that travels over a conventional USB is handled the same way, meaning that currently there is no way to distinguish between the different classes of information that may be transferred.
For example, in e-commerce applications a buyer is required to type in the details of his or her credit card and identification numbers by utilizing the keyboard. The information then travels to Client Software 101 through a memory buffer that is located in the shared memory of Host 100. It is often desirable to protect this information using a secure link, in which confidential information can travel safely, between the software of Host 100 and the peripheral devices. It is well known that “hackers” utilize special programs known as “snoopers” to eavesdrop and monitor data flow on Host computers.
As part of the USB device class definitions, a device class for Content Security Devices is defined, as described in http://www.usb.org/developers/data/devclass/ContentSecurity_v1_0.pdf. This specification defines a framework for transferring secure information over a USB according to different Content Security Methods (CSMs). These CSMs are supported by basic services to allow controlling the security method and associating it with a particular data transport channel. More details concerning a CSM-1 method and a CSM-2 method can be found in http://www.usb.org/developers/data/devclass/csm1_v1_0.pdf and in http://www.usb.org/developers/data/devclass/csm2_v1_0.pdf.
Although secure channels are established utilizing CSM, this approach utilizes host buffers for all of the services it provides. Therefore, all of the transactions taking place are still visible to other entities within Host 100 or even to other Hosts in the network.
In conventional USB systems the communication always flows through a Host system. However, it is often required to transfer information between two peripheral devices mounted outside a Host system. This kind of communication flow, directed from one peripheral device to another, is implemented by utilizing Host system resources, and therefore consumes memory resources, USB bandwidth, and processor running time.
The USB system described above has not provided a satisfactory solution to the problem of providing a secure method of transferring data between attached devices and applying different classes of confidentiality to its content. In particular, there is no way to utilize a conventional USB to transfer information between attached devices without passing the information through Host memory buffers. As previously mentioned, it is known that Host memory buffers are not secure.
It is therefore desirable in the art to provide an apparatus and method for ensuring the secure transmission of information through a Universal Serial Bus (USB).