Interconnectable personal computer architectures that provide secure, portable, and persistent computing environments
First Claim
1. An interconnectable personal computer architecture for use with a host computer, comprising:
- secure non-computing client apparatus that is couplable to the host computer that embodies a secure computing environment that is configured to establish a root of trust on the host computer, comprising;
a security device for encrypting and decrypting all data transferred between the secure client apparatus and the host computer;
an encrypted trusted basic input/output system (BIOS) that is decrypted and transferred to the host computer to configure it; and
encrypted trusted boot software that is decrypted and transferred to the host computer to selectively cold boot or warm boot the host computer to create the root of trust on the host computer.
4 Assignments
0 Petitions
Accused Products
Abstract
Disclosed are interconnectable personal computer architectures comprising secure, portable and persistent computing environments that provide secure computing sessions with persistence. The computing environments are implemented using a secure non-computing client device, such as a USB device, that interfaces with a host computer and, optionally, a trusted server. The secure non-computing client device is used to instantiate a secure BIOS and a secure cold or warm boot of the host computer, from the client device, in a host protected area of the host computer, or from the trusted server. The client device comprises a security device, such a trusted platform module, that encrypts and decrypts data transferred between the client apparatus and the host computer to provide a sealed computing environment on the host computer. The client device may implement keyboard logger attack prevention. The client device may also implement a high assurance guard to protect applications. The client device may also comprise security wrapper software that encapsulates malware processed by the host computer. Computing methods and software are also disclosed.
-
Citations
20 Claims
-
1. An interconnectable personal computer architecture for use with a host computer, comprising:
-
secure non-computing client apparatus that is couplable to the host computer that embodies a secure computing environment that is configured to establish a root of trust on the host computer, comprising; a security device for encrypting and decrypting all data transferred between the secure client apparatus and the host computer; an encrypted trusted basic input/output system (BIOS) that is decrypted and transferred to the host computer to configure it; and encrypted trusted boot software that is decrypted and transferred to the host computer to selectively cold boot or warm boot the host computer to create the root of trust on the host computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A secure computing method, comprising:
-
instantiating secure non-computing client apparatus that is couplable to a host computer that embodies a secure computing environment that comprises a security device for encrypting and decrypting data transferred between the secure client apparatus and the host computer, an encrypted trusted basic input/output system (BIOS) that is decryptable and transferable to the host computer to configure it, encrypted trusted boot software that is decryptable and transferable to the host computer to selectively cold boot or warm boot it and create the root of trust on the host computer, one or more trusted applications that are decryptable and transferable to the host computer, and user data that is decryptable and transferable to the host computer and that is processable by the one or more trusted applications on the host computer; coupling the secure non-computing client apparatus to the host computer; booting the host computer from the secure non-computing client apparatus; loading one or more trusted applications onto the host computer; and running the one or more trusted applications using data from the secure non-computing client apparatus. - View Dependent Claims (19)
-
-
20. Software comprising:
-
a code segment for coupling non-computing client apparatus to a host computer, which non-computing client apparatus comprises a security device for encrypting and decrypting data transferred between the secure client apparatus and the host computer; one or more code segments comprising an encrypted trusted basic input/output system (BIOS) instantiated on the non-computing client apparatus; one or more code segments for decrypting and transferring the trusted basic input/output system (BIOS) to the host computer to configure it one or more code segments comprising encrypted trusted boot software instantiated on the non-computing client apparatus; one or more code segments for decrypting and transferring the trusted boot software to the host computer to selectively cold boot or warm boot it and create the root of trust on the host computer; and one or more code segments comprising one or more trusted applications instantiated on the non-computing client apparatus that are transferable to and run from the host computer and that access user data on the non-computing client apparatus.
-
Specification