1. Field of Technology
This disclosure relates to computer devices, and more particularly to secure switches for accessing multiple computers.
2. Background
There are many situations in which users of computers need to access multiple computers. This may involve switching between a desktop computer for general work and a specific-purpose computer for access to particular programs, or accessing a remote computer while physically at a separate local computer. When the two computers are both local and physically accessible, this is not a problem. Users can physically move between the two machines, or use switch devices such as a conventional Keyboard-Video-Mouse (KVM) switch to toggle between different computers. When physical access to both systems is not desired or possible, additional access, security, and usability problems arise.
Multiple solutions allow remote access from one computer to another. Remote access technologies that allow remote computing include virtual private networking (VPN), virtual or remote desktops, and specific remote applications. These technologies typically rely on user authentication such as a username and password. Such security verifies that the person making access has the required access code, but does not verify that it is that actual person or what device is being used for access. Additional security can be added, such as biometric authentication or hardware authentication devices such as security USB dongles. This adds a second level of verification, but does not ensure the security of the device being used for access. Once access is established, local programs such as computer viruses, or user misuse such as copying or printing, may breach the security of the remote computer. Applications may be run to lock down the local machine, including virus protection and device access control programs, but these use resources on the computer, reducing the computer performance available to the user, and the machine is still vulnerable should any of the lock-down programs be compromised.
3. Description of Prior Art
There is much prior art focusing on development of KVM switches.
U.S. Pat. No. 6,378,009 “KVM (KEYBOARD, VIDEO, AND MOUSE) SWITCH HAVING A NETWORK INTERFACE CIRCUIT COUPLED TO AN EXTERNAL NETWORK AND COMMUNICATING IN ACCORDANCE WITH A STANDARD NETWORK PROTOCOL” (Pinkston, Apr. 23, 2002) discloses a KVM switch where “information from a remote terminal is transferred on a network in a packet where the switch information in the packet uses a standardized management protocol . . . . The [ ] switch then responds to the switch information by performing a control function, providing status information to the remote terminal, or by changing security information.” Thus Pinkston discloses remote management and administration of a KVM switch.
U.S. Pat. No. 6,671,756 “KVM SWITCH HAVING A UNIPROCESSOR THAT ACCOMMODATE MULTIPLE USERS AND MULTIPLE COMPUTERS” (Thomas, Dec. 30, 2003) discloses “a KVM switch having a uniprocessor architecture that accommodate multiple users and multiple computers—even multiple users to a single computer—via interrupt servicing provides dramatic improvements over common matrix-type KVM switches.” Thus Thomas discloses a switch handling multiple users simultaneously.
U.S. Pat. No. 7,519,749 “REDIRECTING INPUT AND OUTPUT FOR MULTIPLE COMPUTERS” (Sivertsen, Apr. 14, 2009) discloses “a redirection module captures and transmits video signals from a local computer through over a network, such as the Internet, to a remote computer where the remote computer produces a display that contains the screen frames being transferred. The module is configured for use with and installation within a keyboard, video, and mouse switch configured for receiving the module.” Thus Sivertsen discloses screen-grabbing for remote display which may be done at a local KVM switch.
United States Patent Application Publication 2005/044184 “NETWORK BASED KVM SWITCHING” (Thomas, Feb. 24, 2005) discloses “a keyboard/video/mouse (KVM) switching protocol is disclosed in which KVM information is applied to a network of workstations . . . . The system provides motherboard access to the servers that is characteristics of KVM switches but provides essentially unlimited scalability not known in traditional KVM switches.” Thomas thus discloses converting KVM signals into a network protocol.
In addition to prior art related to KVM switching between two separate computers, some solutions focus on putting multiple computers together into a single location, with one computer less secure than another or each computer for separate purposes.
United States Patent Application Publication 2004/0107358 “DATAVAULT X4 MULTI-NETWORK SECURE COMPUTER” (Shiakallis, Jun. 3, 2004) discloses “a dual computer system with two or more separate network domains . . . incorporating two totally separate (CPU), motherboards, (RAM), hard drives, floppy drives, (CD-ROM) drives, a secure removable hard . . . ” Such a solution does not protect the secure computer from physical access, nor does it allow remote access without going through a full computer with physical access.
U.S. Pat. No. 6,578,140 “PERSONAL COMPUTER HAVING A MASTER COMPUTER SYSTEM AND AN INTERNET COMPUTER SYSTEM AND MONITORING A CONDITION OF SAID MASTER AND INTERNET COMPUTER SYSTEMS” (Policard, Jun. 10, 2003) discloses “desktop computers sharing components and having divergent operating systems, hard drive(s) and memory for the expressed purpose of segregating the day to day data processing functions and files from access to the Internet and downloading information and e-mail therefrom.” Policard discloses two fully functional computers in a single box with some shared components, which does not provide physical security or total separation of a local computer from a remote resource.
None of the known prior art provides a switching product with 1) dedicated remote access to a computer resource configured for a specific secure user, 2) unaffected access to a local computer resource, and 3) complete separation so that data from the remote resource cannot be accessed, downloaded, or printed by local computer resources. What is needed, therefore, is a computer switching device that overcomes the above-mentioned limitations and that includes the features enumerated above.