PORTABLE COMMUNICATIONS DEVICE WITH ENHANCED SECURITY
Abstract
A portable communications device adapted to provide communications security and user identification and authentication. In one embodiment, the device is useful with an untrusted network, and comprises security apparatus adapted to create associations with one or more security devices on the network. Traffic between the associated devices may be encrypted and residue-protected for, e.g., data confidentiality and integrity protection. In one variant, the security apparatus comprises a software entity disposed at least partly within the software stack of a host. A security card may also be used as part of the security apparatus. The portable device may be untrusted (e.g., have an untrusted operating system) and also be physically unsecure. In one variant, the security apparatus is also agnostic to the portable device with which it is used.
79 Claims
1. A portable communications device adapted to provide network security functions, comprising:
a host computerized device comprising an untrusted operating system and untrusted hardware;
a communications stack operative to run on said host computerized device;
a communications interface adapted to establish an ad hoc communications link with an untrusted network; and
security apparatus for use with said stack, said security apparatus adapted to communicate data with other security apparatus on said untrusted network by establishing a security association, and where said security apparatus is configured to:
verify the identity of a user of said portable device before further access is permitted;
receive data sent from a higher layer process in said host computer for transmission over said network;
determine whether an association between said security apparatus and said other security apparatus exists;
encrypt at least a portion of said data using at least one cryptographic key; and
transmit said at least portion to said other security apparatus when said association does exist.

44. A portable communications device, comprising:
a host computerized device having an untrusted operating system;
a network communications interface adapted to communicate with an untrusted network and said host computer;
a security card adapted to be received at least partly within said host computerized device, said security card having portions comprising user-specific and cryptographic data stored therein, at least said portions being protected against access by unauthorized users;
a first computer program adapted to dynamically obtain at least one identifier for said communications device when said communications interface is placed in data communication with said network;
a second computer program adapted to establish security association between said portable communications device and a security device on said network, said second computer program comprising a key exchange algorithm adapted to cause said portable communications device and said security device to exchange cryptographic keys while establishing said association; and
a third computer program adapted to seal or encrypt data sent from said portable device using at least one of said cryptographic keys.

65. A portable communications device adapted to provide security functions, comprising:
a physically unsecure and untrusted host device having an untrusted operating system;
a communications stack operative to run on said host device;
a communications interface adapted to establish temporary two-way communications with an untrusted multi-user network, said interface being driven at least in part by said stack; and
security apparatus for use with said stack, said security apparatus comprising a removable and substantially user-specific security card received at least partly within a card reading apparatus of said portable device, said security apparatus adapted to:
verify the identity of a user of said portable device before further access is permitted;
physically secure cryptographic elements uniquely associated with said physically unsecure and untrusted host device or a user thereof; and
exchange security information with said physically unsecure and untrusted host device before further processing of a user transaction or message is permitted.

79. A portable communications device adapted to provide security functions, comprising:
a physically unsecure and untrusted host device having an untrusted operating system;
a communications stack operative to run on said host device;
a communications interface adapted to establish temporary two-way communications with an untrusted multi-user network, said interface being driven at least in part by said stack; and
security apparatus for use with said stack, said security apparatus comprising:
(i) a removable and substantially user-specific security card received at least partly within a card reading apparatus of said portable device; and
(ii) a security stack operable to interface with one or more layers of said communications stack;
wherein said security apparatus is adapted to:
verify the identity of said user of said portable device before further access to said network via said communications stack is permitted;
physically secure security data elements uniquely associated with said user thereof; and
exchange security information with said physically unsecure and untrusted host device before further processing of a user transaction or message is permitted;
wherein said security card is substantially platform agnostic such that it may be removed from and inserted into another portable physically unsecure and untrusted communications device while:
(i) providing similar user-specific security functionality to that of said portable device; and
(ii) substantially preventing compromise of said security data elements.
Specification