Method and system for secure communications over a communications network
Abstract
Disclosed is a method and system for securely communicating between an initiating user at an initiating system and a destination entity. In one aspect, the system includes a general purpose processor, a security processor, secure memory, a human interpretable data input device for receiving secure human interpretable data and insecure human interpretable data, a cryptographic module, an interface for interfacing the security processor with the general purpose processor so that the general purpose processor is able to access secure human interpretable data only after the secure human interpretable data has been encrypted by the encryption module and is able to access the insecure human interpretable data in unencrypted form, and a transmitter for transmitting encrypted secure human interpretable data to a destination entity. In another aspect, the method includes a protocol for secure communications using the system of the present invention.
Claims (14 claims, 34 citations; the independent claims are reproduced below)
1. An apparatus for securely communicating with a remote apparatus, comprising:
a general purpose processor;
a security processor;
a secure memory, coupled to said security processor;
a human interpretable data input device, coupled to said security processor, for receiving secure human interpretable data and insecure human interpretable data;
a cryptographic module, coupled to said security processor, for encrypting human interpretable data received from said human interpretable data input device;
an interface, coupled to said security processor and said general purpose processor, for interfacing said security processor with said general purpose processor, the interface including an interface protocol for restricting the extent of access by the general purpose processor to said human interpretable data present in said secure memory so that said general purpose computer is able to access said secure human interpretable data only after said secure human interpretable data has been encrypted and is able to access said insecure human interpretable data in unencrypted form for processing; and
a transmitter, coupled to said general purpose processor, for transmitting said encrypted secure human interpretable data over a communications path to said remote apparatus.
(Dependent claims 2, 3, 4, 5, 6 and 7 are not reproduced here.)
8. An apparatus for secure communications, comprising:
at least two computers, comprising a first computer and a second computer, each one of said at least two computers comprising:
a general purpose processor;
a security processor;
a secure memory, coupled to said security processor;
a human interpretable data input device, coupled to said security processor, for receiving secure human interpretable data and insecure human interpretable data;
a secure human interpretable data output device, coupled to said security processor, for rendering and presenting secure human interpretable data to a user;
a cryptographic module, coupled to said security processor, for encrypting human interpretable data received from said human interpretable data input device;
an interface, coupled to said security processor and said general purpose processor, for interfacing said security processor with said general purpose processor, the interface including an interface protocol for restricting the extent of access by the general purpose processor to said human interpretable data present in said secure memory so that said general purpose computer is able to access said secure human interpretable data only after said secure human interpretable data has been encrypted and is able to access said insecure human interpretable data in unencrypted form for processing and so that said security processor has access to human interpretable data received at said general purpose processor;
a transmitter, coupled to said general purpose processor, for transmitting said encrypted secure human interpretable data over a communications path; and
a receiver, coupled to said general purpose processor, for receiving said encrypted secure human interpretable data over said communications path, whereby secure human interpretable data entered via said human interpretable data input device at said first computer is securely transmitted to said second computer for rendering and presentation by said secure human interpretable data output device of said second computer to a user at said second computer, and responsive human interpretable data is entered via said human interpretable data input device at said second computer and securely transmitted to said first computer for rendering and presentation by said secure human interpretable data output device of said first computer to a user at said first computer.
(Dependent claim 9 is not reproduced here.)
10. A method for securely communicating with a remote apparatus, comprising:
a) providing a general purpose processor;
b) providing a security processor;
c) receiving, by said security processor, human interpretable data entered at a human interpretable data device;
d) determining, by said security processor, whether said human interpretable data is secure data or insecure data;
e) encrypting said human interpretable data if the result of said step d) is that said human interpretable data is secure;
f) allowing, by said security processor, said general purpose processor to access said human interpretable data in unencrypted form if the result of step d) is that said human interpretable data is insecure and otherwise allowing said general purpose processor to access said human interpretable data only in encrypted form; and
g) transmitting, by said general purpose processor, said encrypted human interpretable data to said remote apparatus over a communications path.
11. A method for securely communicating with a remote apparatus, comprising:
a) providing a general purpose processor;
b) providing a security processor;
c) providing a secure memory, coupled to said security processor;
d) receiving, by said general purpose processor, encrypted human interpretable data from said remote apparatus;
e) transmitting said encrypted human interpretable data to said security processor via an interface that prevents said general purpose processor from having access to said human interpretable data in unencrypted form;
f) decrypting said human interpretable data; and
g) storing said decrypted human interpretable data in said secure memory.
(Dependent claim 12 is not reproduced here.)
13. In a system having a general purpose processor and a security processor, a method for initiating and conducting a secure communications session between an initiating user and a destination entity, comprising:
a) transmitting a request for a chat invitation message from said general purpose processor to said security processor;
b) generating a chat invitation message by said security processor;
c) transmitting said chat invitation message generated in step b) to said destination entity;
d) receiving a chat challenge message from said destination entity, in response to said chat invitation message, said chat challenge message comprising a random data sequence;
e) generating a chat response message by said security processor comprising digitally signing said random data sequence received in step d) with a private key associated with said initiating user;
f) transmitting said chat response message to said destination entity;
g) receiving a chat accepted message from said remote apparatus, in response to said chat response message, said chat accepted message comprising a communications key encrypted using a public key associated with said initiating user;
h) validating said chat accepted message by said security processor, comprising decrypting said communications key using said private key associated with said initiating user;
i) encrypting at least one message by said security processor using said communications key; and
j) transmitting said at least one encrypted message to said destination entity.
14. In a system having a general purpose processor and a security processor, a method for initiating and conducting a secure communications session between an initiating user at an initiating system and a destination entity, comprising:
a) receiving a chat invitation message from said initiating system;
b) generating a chat challenge message, by said security processor of said destination entity, in response to said chat invitation message, said chat challenge message comprising a random data sequence;
c) transmitting said chat challenge message to said initiating system;
d) receiving a chat response message from said initiating user, comprising said random data sequence digitally signed with a private key associated with said initiating user;
e) validating said chat response message by said security processor comprising verifying said signed random data sequence received in step d) is identical to said random data sequence generated in step b);
f) generating a chat accepted message by said security processor if said chat response message was verified, said chat accepted message comprising a communications key encrypted using a public key associated with said initiating user;
g) transmitting said chat accepted message to said initiating system;
h) receiving at least one message by said security processor; and
i) decrypting said at least one message by said security processor using said communications key.
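The invitation / challenge / signed-response / accepted-key exchange of claims 13 and 14, and the plaintext boundary that claims 10 and 11 place at the interface between security processor and general purpose processor, modelled together as an added Python example. This is illustrative code written for this page, not code from the patent or its assignee. Everything beyond the claim text is an assumption made for the model: the user names alice and bob, the secure/insecure flag being supplied by the input device, a single fixed RSA key pair for the initiating user, and the primitives themselves (textbook RSA on two fixed Mersenne primes and an HMAC-SHA256 keystream), which stand in for the claims' unspecified "cryptographic module" so that the script runs on the standard library alone.

```python
"""Added illustration, not code from the patent: a toy model of the security
processor gating of claims 10 and 11 and the chat handshake of claims 13 and 14.
The primitives (textbook RSA on two fixed Mersenne primes, an HMAC-SHA256
keystream) are stand-ins so the script runs on the standard library alone."""
import hashlib
import hmac
import secrets

# Toy public-key module.  One fixed key pair for the initiating user is an
# assumption made for brevity; the destination holds only the public exponent.
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, PUB = P * Q, 65537
PRIV = pow(PUB, -1, (P - 1) * (Q - 1))

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_sign(priv, data):           # textbook RSA over a hash, no padding
    return pow(_digest_int(data), priv, N)

def rsa_verify(pub, data, sig):
    return pow(sig, pub, N) == _digest_int(data)

def rsa_encrypt_key(pub, key16):    # a 128-bit key is below the ~150-bit N
    return pow(int.from_bytes(key16, "big"), pub, N)

def rsa_decrypt_key(priv, c):
    return pow(c, priv, N).to_bytes(16, "big")

def keystream_xor(key, nonce, data):
    """Symmetric stand-in: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class SecurityProcessor:
    """Owns the secure memory; the general purpose processor (GPP) only ever
    sees what these interface methods return."""

    def __init__(self, user, priv=None, peer_pub=None):
        self.user, self.priv, self.peer_pub = user, priv, peer_pub
        self.secure_memory = {}      # plaintext of secure data lives only here
        self.session_key = None
        self.pending_nonce = None

    def make_invitation(self):                    # claim 13 steps a, b
        return {"type": "invite", "user": self.user}

    def answer_challenge(self, challenge):        # claim 13 steps d, e
        sig = rsa_sign(self.priv, challenge["nonce"])
        return {"type": "response", "nonce": challenge["nonce"], "sig": sig}

    def accept_session(self, accepted):           # claim 13 step h
        self.session_key = rsa_decrypt_key(self.priv, accepted["enc_key"])

    def make_challenge(self, invite):             # claim 14 step b: fresh nonce
        self.pending_nonce = secrets.token_bytes(16)
        return {"type": "challenge", "nonce": self.pending_nonce}

    def check_response(self, response):           # claim 14 steps e, f
        ok = (response["nonce"] == self.pending_nonce
              and rsa_verify(self.peer_pub, response["nonce"], response["sig"]))
        if not ok:
            return None                           # no key is issued on failure
        self.session_key = secrets.token_bytes(16)
        return {"type": "accepted",
                "enc_key": rsa_encrypt_key(self.peer_pub, self.session_key)}

    def accept_input(self, label, text, secure):  # claim 10 steps c to f
        """Input device supplies text plus a secure/insecure flag (assumed
        classification source); secure text never reaches the GPP in the clear."""
        if not secure:
            return text
        if self.session_key is None:
            raise RuntimeError("no session key: handshake must complete first")
        self.secure_memory[label] = text
        nonce = secrets.token_bytes(12)
        return nonce + keystream_xor(self.session_key, nonce, text.encode())

    def receive_encrypted(self, label, blob):     # claim 11 steps d to g
        """The GPP forwards the blob unopened; the plaintext lands in secure
        memory and nothing unencrypted is returned across the interface."""
        nonce, body = blob[:12], blob[12:]
        self.secure_memory[label] = keystream_xor(self.session_key, nonce, body).decode()

def run_session(secure_text="account 12-3456", chat_text="hello"):
    """Handshake, then one gated exchange; returns what the initiating GPP saw
    for each input, what the destination recovered, and whether keys match."""
    alice = SecurityProcessor("alice", priv=PRIV)             # initiating user
    bob = SecurityProcessor("bob", peer_pub=PUB)              # destination entity
    challenge = bob.make_challenge(alice.make_invitation())
    accepted = bob.check_response(alice.answer_challenge(challenge))
    alice.accept_session(accepted)
    gpp_plain = alice.accept_input("chat", chat_text, secure=False)
    gpp_cipher = alice.accept_input("acct", secure_text, secure=True)
    bob.receive_encrypted("acct", gpp_cipher)
    return gpp_plain, gpp_cipher, bob.secure_memory["acct"], alice.session_key == bob.session_key
```

Two properties of the claimed protocol show up directly in the model. The random data sequence in the challenge is generated fresh per session and compared against the stored value, so a response signed during an earlier session does not verify, and check_response issues no communications key unless the signature checks out, which is the conditional in step f) of claim 14. The communications key crosses the general purpose processor only as public-key ciphertext, and secure input crosses it only as symmetric ciphertext, which is the access restriction of claims 1, 10 and 11. The unpadded RSA and the unauthenticated keystream are adequate for tracing that flow and nothing more; a real cryptographic module would use a standard padded signature scheme and authenticated encryption.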
Specification