US 12,316,786 B2
Secure medium intrusion prevention
Michael Kenneth Schmidt, St. Charles, MO (US)
Assigned to SCHNEIDER ELECTRIC IT CORPORATION, Foxboro, MA (US)
Filed by SCHNEIDER ELECTRIC IT CORPORATION, West Kingston, RI (US)
Filed on Dec. 4, 2020, as Appl. No. 17/111,969.
Prior Publication US 2022/0182247 A1, Jun. 9, 2022
Int. Cl. H04L 9/32 (2006.01); G06F 13/40 (2006.01); G06F 13/42 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3271 (2013.01) [G06F 13/4063 (2013.01); G06F 13/4282 (2013.01); H04L 9/0825 (2013.01); G06F 2213/0026 (2013.01)] 20 Claims
1. A host system comprising:
an authentication communication medium interface configured to be communicatively coupled to a connected module;
an authentication communication medium coupled to the authentication communication medium interface;
a secure communication medium interface physically separate and decoupled from the authentication communication medium interface and configured to be communicatively coupled to the connected module in parallel with the authentication communication medium interface;
a secure communication medium physically separate and decoupled from the authentication communication medium and being configured to be switchably coupled to the secure communication medium interface; and
a controller coupled to the authentication communication medium and the secure communication medium and being configured to:
detect a connection of the connected module to the host system over a physical communication connection;
generate an authentication challenge;
provide the authentication challenge to the connected module over a physical authentication connection via the authentication communication medium and the authentication communication medium interface;
receive a challenge response to the authentication challenge from the connected module via the authentication communication medium and the authentication communication medium interface;
verify the challenge response;
grant the connected module access to host system data on the secure communication medium over the physical communication connection via the secure communication medium interface based on successful verification of the challenge response, wherein granting the connected module access to the host system data on the secure communication medium includes physically coupling the secure communication medium to the secure communication medium interface; and
deny the connected module access to host system data on the secure communication medium based on unsuccessful verification of the challenge response, wherein denying the connected module access to the host system data on the secure communication medium includes
maintaining a physical decoupling between the secure communication medium and the secure communication medium interface, and
maintaining the physical authentication connection between the authentication communication medium and the connected module.
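A minimal model of the controller behaviour in claim 1, added here as an example that is not part of the patent or of Schneider Electric's implementation. It assumes an HMAC-SHA256 shared-key challenge-response (the claim does not specify the scheme; CPC H04L 9/0825 also contemplates public keys) and models the switchable coupling of the secure medium as a boolean, with the authentication connection kept up on both grant and deny.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ConnectedModule:
    """Constructed stand-in for the connected module: answers challenges with its key."""
    key: bytes

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


@dataclass
class HostController:
    """Host controller: gates the secure medium behind a fresh challenge-response."""
    expected_key: bytes                 # assumed provisioning: key of the authorised module
    auth_connected: bool = False        # physical authentication connection
    secure_coupled: bool = False        # switch between secure medium and its interface
    host_data: bytes = b"constructed host system data"
    _challenge: Optional[bytes] = field(default=None, repr=False)

    def detect_connection(self) -> None:
        # Fail closed: a newly detected module gets the auth connection only.
        self.auth_connected = True
        self.secure_coupled = False

    def generate_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(32)   # fresh nonce, so old responses cannot be replayed
        return self._challenge

    def verify(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = hmac.new(self.expected_key, self._challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, response)
        self._challenge = None                      # single use
        self.secure_coupled = ok                    # grant couples; deny keeps the medium decoupled
        return ok

    def read_secure_medium(self) -> bytes:
        if not self.secure_coupled:
            raise PermissionError("secure medium is physically decoupled")
        return self.host_data


def session(host: HostController, module: ConnectedModule):
    """Run one connect/challenge/verify cycle; returns (granted, auth_connected, secure_coupled)."""
    host.detect_connection()
    granted = host.verify(module.respond(host.generate_challenge()))
    return granted, host.auth_connected, host.secure_coupled
```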