METHODS OF OPERATING A PORTABLE COMMUNICATIONS DEVICE WITH ENHANCED SECURITY
Abstract
Methods of operating a portable communications device so as to provide communications security and user identification and authentication. In one embodiment, the method comprises placing the device in communication with an untrusted network, and using its security apparatus for creating associations with one or more security devices on the network. Traffic between the associated devices may be encrypted and protected for e.g., data confidentiality and integrity protection. In one variant, the security apparatus comprises a software entity disposed at least partly within the software stack of a host, and a removable security card. The portable device may be untrusted (e.g., have an untrusted operating system) and also be physically unsecure.
79 Claims
1. A method of operating a portable communications device, said portable communications device comprising a host computerized device having an untrusted operating system, at least some untrusted hardware, and a communications software stack operative to run on said host device, said portable communications device further comprising security apparatus for use with said stack;
wherein said portable device is configured to operate according to the method comprising;
verifying the identity of a user of said portable device before further access is permitted;
receiving data sent from a higher layer process of said host computerized device for transmission over a network;
determining whether an association between said security apparatus and at least one other security apparatus exists;
encrypting at least a portion of said data using at least one cryptographic key; and
transmitting said at least portion to said at least one other security apparatus when said association does exist.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43
44. A method of operating a portable communications device, comprising:
providing a portable communications device, said portable communications device comprising a host computerized device adapted to run an untrusted operating system, and further comprising a security card adapted to be received at least partly within said host device, said security card having portions comprising user-specific and cryptographic data stored therein, at least said portions being protected against access by unauthorized users;
dynamically obtaining at least one identifier for said portable communications device when a communications interface of said portable communications device is placed in data communication with an untrusted network;
establishing a security association between said portable communications device and a security device on said network, said act of establishing comprising utilizing an algorithm adapted to cause said portable communications device and said security device to establish cryptographic keys while establishing said association; and
sealing or encrypting data sent from said portable device using at least one of said cryptographic keys.
Dependent claims: 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64
65. A method of operating a portable communications device, comprising:
providing a portable communications device, said portable communications device comprising a host computerized device adapted to run an untrusted operating system;
providing a security card adapted to be received at least partly within said host device, said security card having portions comprising user-specific and cryptographic data stored therein, at least said portions being protected against access by unauthorized users;
inserting said security card at least partly within said host device;
placing a communications interface of said portable communications device in data communication with an untrusted network;
verifying a user of said portable device using at least a portion of one of said user-specific and cryptographic data and an input supplied by a user via a user interface of said portable device;
exchanging at least a portion of said cryptographic data between said card and host device;
establishing a security association between said portable communications device and a security device on said network, said act of establishing comprising utilizing a cryptographic data exchange algorithm adapted to cause said portable communications device and said security device to exchange cryptographic data while establishing said association so as to enable at least ciphering or encrypting using one or more cryptographic keys; and
ciphering or encrypting data sent from said portable device using at least one of said cryptographic keys.
Dependent claims: 66, 67, 70, 71, 72, 73, 74, 75, 76, 77
68. The method of claim 68, wherein said cryptographic information comprises a cryptographic vector.
78. A method of operating a portable communications device, said device comprising:
an at least partly untrusted host computerized device adapted to run an untrusted operating system and a software stack;
a security card interface apparatus;
a security card adapted to be received at least partly within said card interface apparatus, said security card having portions comprising cryptographic data stored therein, at least said portions being protected against access by unauthorized users;
a communications interface; and
a user interface;
wherein said method comprises;
placing said communications interface in data communication with an untrusted network;
verifying a user of said portable device using an input supplied by a user via said user interface of said portable device and security software operative to communicate with said software stack;
exchanging at least a portion of said cryptographic data between said card and said host device; and
establishing a security association between said portable communications device and a security device on said network, said act of establishing comprising;
utilizing said cryptographic data to provide a cipher key;
generating a request message including said cipher key;
performing a mutual authentication based at least in part on said cipher key.
Dependent claims: 79
Specification