The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
Secure peripheral sharing switch (“PSS”) systems are often used in applications where a peripheral, for example a keyboard, is being used to communicate with two different computer systems. One specific type of PSS system is a keyboard, video and mouse (“KVM”) system. For the sake of convenience, the present disclosure will make reference to a KVM system as the specific type of PSS under consideration, with the understanding that a KVM system is merely meant as one example. Thus, the teachings of the present application may be applied to other types of PSS systems besides a KVM system.
KVM systems enable a single keyboard, mouse and video display device to communicate through a KVM appliance with one, two or more different target computers. Two or more of the target computers may be operating on different networks, often with different security levels. For example, one network may be a “classified” network and the other may be an “unclassified” network. When two or more target computers or other types of computing, peripheral or network devices are interfaced to the KVM appliance, a challenge arises with preventing data leakage from the user's computer or peripheral, back through the KVM appliance, to a different target computer. Such data leakage also presents a concern when a KVM appliance is used to provide a single computer or peripheral with shared access to two or more different networks, where the networks are designated with different security levels.
If a KVM appliance is being used to initially interface the user's keyboard, mouse and display terminal to a first target computer operating on a first network, information may be transmitted both from the user's keyboard and mouse to the first target computer, as well as from the first target computer to the user's keyboard. The data transmitted from the first target computer to the user's keyboard may be, for example, data that is temporarily stored by the user's keyboard and controls setting a status indicator on the user's keyboard. In one example the data may be data that sets a lamp associated with the Caps Lock key on the user's keyboard, in response to the user pressing the Caps Lock key on the keyboard. Alternatively, the data could be used to set a scroll lock indicator or a numbers lock indicator on the keyboard. When the KVM appliance is used to switch the user's peripheral to communicate with a second target computer, for example operating on a second network, then the data which has been sent to the user's keyboard and is being stored by the user's keyboard (e.g., to set the Caps Lock lamp) may be passed (i.e., “leaked”) to the second target computer as soon as the second target computer begins communicating with the user's keyboard.
The above-described sharing or “leakage” of information from the user's peripheral from one target computer to another is not limited to just status information passed to the user's keyboard, but could potentially extend to virtually any other type of information that is shared between a target computer and the user's keyboard or mouse via the KVM appliance. While such keyboard status information is frequently used to set some type of status indicator on a keyboard or other peripheral that the user is using, this type of information is not necessarily limited to just status information used with a keyboard. Those skilled in the art will appreciate that various other peripherals often used by a user in a KVM setting may include some small amount of memory for temporarily storing information received from a target computer during a KVM session. In such instances it is highly undesirable if information can be passed/leaked from one target computer or device to a different target computer or device. And in many applications where a peripheral is able to be shared via a KVM to connect to computing devices that access both classified and unclassified networks, such as in governmental and/or military settings, regulations may be in place that absolutely prohibit information leakage.
Previous attempts to prevent information from being leaked from a peripheral communicating with one target computer to a different target computer, via a KVM appliance, have been less than fully satisfactory. One such attempt has involved simply preventing the status information from being passed to the shared peripheral (e.g., the user's keyboard). However, this provides the drawback that the user is not provided with the status information. In some instances, such as where the status information would ordinarily be used to set a Caps Lock indicator on the user's keyboard, the user would not know that the Caps Lock is turned on. This could present a frustrating situation for the user if the user is required to enter a password into a dialog box having hidden characters, and where some characters of the password are required to be in capital letters or symbols. Other attempts to address this challenge have met with limited success.
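The leak through stored keyboard status and the drawback of simply blocking that status can both be seen in a small model, added here as an illustration and not part of the disclosure. The `Keyboard`, `Kvm` and `isolation_check` names, the 3-bit LED register and the host read-back call are assumptions of the model, not a real device interface.

```python
# Constructed model (not from the disclosure): a keyboard holding a 3-bit
# LED status register, shared between two hosts through a KVM appliance.
CAPS, NUM, SCROLL = 0x1, 0x2, 0x4

class Keyboard:
    def __init__(self):
        self.leds = 0  # small memory inside the shared peripheral

class Kvm:
    """policy 'passthrough' forwards status writes; 'block' drops them."""
    def __init__(self, keyboard, policy):
        if policy not in ("passthrough", "block"):
            raise ValueError("unknown policy")
        self.kbd, self.policy, self.active = keyboard, policy, None

    def switch_to(self, host):
        # Neither policy clears the keyboard's stored state on a switch.
        self.active = host

    def host_set_leds(self, host, value):
        # Only the connected host can write, and only if status is forwarded.
        if host == self.active and self.policy == "passthrough":
            self.kbd.leds = value & 0x7

    def host_read_leds(self, host):
        # Hypothetical read-back: the connected host sees what is stored.
        return self.kbd.leds if host == self.active else None

def isolation_check(policy, status_bits):
    """Host A writes status_bits, the user switches, host B reads.
    Returns (value visible to host B, value shown to the user under A)."""
    kbd = Keyboard()
    kvm = Kvm(kbd, policy)
    kvm.switch_to("A")
    kvm.host_set_leds("A", status_bits)
    shown_to_user = kbd.leds
    kvm.switch_to("B")
    return kvm.host_read_leds("B"), shown_to_user

if __name__ == "__main__":
    for policy in ("passthrough", "block"):
        seen_by_b, shown = isolation_check(policy, CAPS | SCROLL)
        print(f"{policy:12} host B reads {seen_by_b:#05b}, "
              f"user indicator {shown:#05b}")
```

A non-zero first value means state written by host A crossed to host B; a zero second value means the user never saw the indicator, which is the usability cost of the blocking approach.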