Embodiments of the present invention are related to security for various computerized systems.
Computer systems are ubiquitous in modern society and control many important systems. These systems can be systems dedicated to data systems, for example financial or medical systems, that process highly confidential user information. Additionally, many of these systems can control complex systems, for example utility equipment such as pipelines or electrical grids, transportation systems, autonomous vehicles or other such systems. Many of these systems are capable of sensing their environments and controlling devices that operate within that environment. For example, autonomous vehicles are being developed for a multitude of applications. Autonomous vehicles are under development and are various stages of deployment in all areas of transportation, including, but not limited to, marine shipping, aviation, trucking, passenger vehicles, rail, agricultural and industrial vehicles. A fully autonomous vehicle is capable of sensing its environment and making operational decisions to operate the vehicle without human involvement.
These systems have increasingly at risk of attack from outside bad actors. Breaches of these systems can result, and have resulted in, exposure of user confidential information (e.g., credit card information, personal information, medical information, etc.) as well as disruption of services that result from malignant access to the computer systems. Further, breaches of autonomous vehicles, whether they be passenger vehicles, constructions vehicles, agricultural implements, freight haulers (e.g., trucks or ships) or other autonomous devices can result in substantial injury and destruction of property.
Therefore, there is a need to develop security protocols to prevent malignant hacking in these computer systems.
In accordance with embodiments of this disclosure, a method of securing a processing unit according to some embodiments includes receiving a request for access from a user; detecting a device; determining whether the device is a trusted device; and providing the user access to the processing unit only if the device is a trusted device.
A method of operating a trusted device to secure a processing unit according to some embodiments includes receiving a device query from the processing unit; verifying a user; and if the user is verified, sending an ID to the processing unit.
A method of registering a device to secure a processing unit as a trusted device according to some embodiments includes receiving a request to register the device from a user; verifying the user as an administrator of the processing unit; if the user is verified as an administrator of the processing unit, detecting one or more devices; reporting the one or more devices to the user; receiving an identified device of the one or more devices from the user; and storing the identified device as the trusted device with the processing unit.
These and other embodiments are discussed below with respect to the following figures.
These figures are further discussed below.
In the following description, specific details are set forth describing some embodiments of the present invention. It will be apparent, however, to one skilled in the art that some embodiments may be practiced without some or all of these specific details. The specific embodiments disclosed herein are meant to be illustrative but not limiting. One skilled in the art may realize other elements that, although not specifically described here, are within the scope and the spirit of this disclosure.
This description illustrates inventive aspects and embodiments should not be taken as limiting—the claims define the protected invention. Various changes may be made without departing from the spirit and scope of this description and the claims. In some instances, well-known structures and techniques have not been shown or described in detail in order not to obscure the invention.
Furthermore, computer system 102 can communicate with other systems 118 through network 104 or closely located systems 122 through wireless communications. Other systems 118 or system 122 can, for example, be traffic control systems, service information systems, other systems having computer systems such as system 102.
As is illustrated in
Further, as is illustrated in
However, as is further illustrated in
In particular, in accordance with aspects of the present disclosure, computer 102 allows access to a user through user device 116 only in the presence of a trusted device 114. Trusted device 114 is a device that has been previously registered as a trusted device in computer system 102. Computer system 102 can detect the presence of trusted device 114, for example, using Bluetooth, or other wireless or wired system. Trusted device 114 may use any communications, for example wireless communications, method for communicating with computer 102. Additionally, in some aspects of the disclosure, trusted device 114 verifies the identity of the user of user device 116. Such verification can be performed biometrically (e.g., fingerprint, facial recognition, etc.), although the use of passwords may also be used. In some embodiments, user device 116 may include trusted device 114.
Processor 204 can be any combination of microprocessors, microcomputers, application specific ICs (ASICs), state functions, or other devices or combinations of devices that are capable of operating as described below. Processor 204 can include numerous individual processors, which are capable of performing the functions of system 120.
As illustrated in
As is further illustrated in
As is further illustrated, processor 202 is coupled to a system interface 216 that interfaces with components of system 120 so that processing unit 200 can control operation of the site (e.g. utility system or other system). In an autonomous vehicle, for example, system interface 216 can interface to system controls 110 that include controls for steering and acceleration, monitoring of vehicle operations, etc. In a pipeline control system, system interface 216 can communicate with system controls 110 that include valves and other such devices.
As is further illustrated, processor 202 is further coupled to a system sensors interface 214 that interfaces to system sensors 112 that includes, for example, all sensors incorporated in system 100. In an autonomous vehicle, for example, system sensors 112 can include, for example, GPS navigation, inertial sensors, radar, LIDAR, cameras, ultrasound, or other sensors that allow processing unit 200 to “see” its surroundings. In a pipeline system, for example, system sensors 112 can include, for example, flow sensors, temperature gauges, and other systems that monitor operation of the pipeline.
Processor 202 is also coupled to a user interface 218. User interface 218 can include any combination of video displays, touch screens, buttons, knobs, keyboards, audio microphones, speakers, and other devices that allows processing unit 200 to relay information (e.g., provide infotainment services, display GPS maps, provide vehicle specific messages, etc.) and receive input (e.g., vehicle parameter settings, radio stations, environmental controls, etc.) from a user of vehicle 102. User device 116 can be, for example, incorporated into user interface 218 or user device 116 may interface with computer system 102 through wireless interface 210 or wired interface 212.
In accordance with aspects of the present disclosure, memory 204 includes, along with the trusted devices list 220, instructions that interact with services 108 and user device 116 to prevent hacking as discussed further below. In particular, as discussed below when a user requests access to computer system 102 through user device 116, computer system 102 detects presence of a trusted device 114 that may have separately verified the identity of the user.
Once user device 116 is paired with processing unit 200 and services 108, user device 116 can be used access computer system 102 and direct computer system 102 to access services 108 through cloud network 104. In some aspects, trusted device 114 may be queried periodically while the user is accessing computer system 102 to verify that the user continues to be present. Any instructions sent to computer system 102 can be verified prior to those commands being executed. A hacker trying to hack into computer system 102, then, will be thwarted by the verification process that requires the presence of trusted device 114. If the computer system 102 does not detect the presence of trusted device 114 (e.g. via Bluetooth), then the computer system 102 may send all identifying info from the hackers to a central repository to build a database for law enforcement investigation. The computer system 102, or a monitoring system through network 104, can further use an AI to look for patterns to identify Hackers.
In processing unit 200, if in response to query devices 318 there are no unqueried devices as determined in step 320, the processing unit 200 proceeds to step 322 where the access procedure is stopped. Otherwise, processing unit received the ID from device 114 in step 324 and proceeds to step 326. In step 326, processing unit 200 determines from the ID whether device 114 is listed in the trusted device list 220 and, in some cases, is associated with the particular user. In some embodiments, processing unit 200 may also verified user receiver from device 114 is associated with the ID. If not, then processing unit 200 returns to step 318 to search for another device 114. If it is on list 114, then processing unit 200 proceeds to step 328 where access is allowed. User device 116 is then provided access 314 to computer system 102. In step 330 of processing unit 200, removal of the trusted device 114 can be detected. If that removal is detected, processing unit 200 proceeds to step 332 where access is again denied to computer system 102.
In step 410, if the user is verified as an administrator then procedure 400 proceeds to step 414. In step 414, processor 200 detects available devices 404. Although a single available device 404 is illustrated in
In some embodiments, the trusted device is a Bluetooth device that is in the immediate vicinity of computer 102, which itself interacts with its surroundings. In some embodiments, computer 102 may be coupled through network 104 to other systems 118 that are situated to operate in their surroundings. Access to computer 102 as described above can provide remote access to the further connected systems. Further access to other systems 118 as described above may provide that user with access to computer system 102.
Phishing attacks are a common problem these days. Embodiments of the present disclosure can be used to prevent phishing attacks as well. Phishing attacks would be received, typically, at user device 116, and possibly at processing unit 200 as a request for action. In some embodiments, AI can be used to read the sender's email address and compare with actual emails or communications from services 108 and, if they are not the same, delete or quarantine the emails. These emails, that typically would spoof communications from services 108, can be stored and analyzed as well.
Embodiments of the invention described herein are not intended to be limiting of the invention. One skilled in the art will recognize that numerous variations and modifications within the scope of the present invention are possible. Consequently, the present invention is set forth in the following claims.
This disclosure claims priority to U.S. Prov. App. 63/231,519 to Marwan Hannon, filed on Aug. 10, 2021, which is herein incorporated by reference in its entirety.
Number | Date | Country | |
---|---|---|---|
63231519 | Aug 2021 | US |