METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS BETWEEN A SECURE VIRTUAL TERMINAL AND A REMOTE SYSTEM

US 20120084544A1
Filed: 05/11/2011
Published: 04/05/2012
Est. Priority Date: 10/04/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for securely connecting a client computer having a secure boot device to a remote server over a communications network, the method comprising:

booting a client computer from a trusted set of processing modules stored in the secure boot device;

verifying the contents of the trusted set of processing modules prior to execution of these processing modules;

providing authentication information from data stored upon the secure boot device to an authentication server to establish a secure connection to the remote server;

establishing the secure connection with the remote server using encryption keys stored on the secure boot device; and

transferring data between the client computer and the remote server over the secure connection to perform transactions initiated by a user of the client computer;

wherein the remote server utilizes encryption keys associated with a unique ID from the secure boot device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for securely connecting a client computer having a secure boot device to a remote server over a communications network are disclosed. One method includes booting a client computer from a trusted set of processing modules stored in the secure boot device, verifying the contents of the trusted set of processing modules prior to execution of these processing modules, and providing authentication information from data stored upon the secure boot device to an authentication server to establish a secure connection to the remote server. The method also includes establishing the secure connection with the remote server using encryption keys stored on the secure boot device, and transferring data between the client computer and the remote server over the secure connection to perform transactions initiated by a user of the client computer. In the disclosed method, the remote server utilizes encryption keys associated with a unique ID from the secure boot device.

93 Citations

View as Search Results

22 Claims

1. A method for securely connecting a client computer having a secure boot device to a remote server over a communications network, the method comprising:
- booting a client computer from a trusted set of processing modules stored in the secure boot device;
  
  verifying the contents of the trusted set of processing modules prior to execution of these processing modules;
  
  providing authentication information from data stored upon the secure boot device to an authentication server to establish a secure connection to the remote server;
  
  establishing the secure connection with the remote server using encryption keys stored on the secure boot device; and
  
  transferring data between the client computer and the remote server over the secure connection to perform transactions initiated by a user of the client computer;
  
  wherein the remote server utilizes encryption keys associated with a unique ID from the secure boot device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the authentication information includes a secure identifier of the secure boot device.
  - 3. The method of claim 1, wherein transferring data between the client computer and the remote server comprises splitting and encrypting the data prior to transmitting the data between the client computer and the remote server.
  - 4. The method of claim 1, wherein the client computer and the remote server are communicatively connected by a public network.
  - 5. The method of claim 1, wherein the authentication server is located in a remote data center.
  - 6. The method of claim 5, wherein the remote server is at a location separate from the remote data center.
  - 7. The method of claim 1, wherein providing authentication information from data stored upon the secure boot device to an authentication server comprises providing the authentication information from the client computer to a secure appliance, wherein the secure appliance is configured to route the authentication information to the authentication server.
  - 8. The method of claim 1, wherein the remote server is located at a data center affiliated with a financial institution, and wherein the transactions include banking transactions.
  - 9. The method of claim 1, wherein booting a client computer from a trusted set of processing modules stored in the secure boot device comprises, upon rebooting the client computer, selecting the secure boot device as the boot device for the client computer.
  - 10. The method of claim 1, further comprising, upon completion of the transactions, terminating the secure connection between the client computer and the remote server.

11. A secure connection system comprising:
- a client computer having a secure boot device connected thereto;
  
  a remote server communicatively connected to the client computer via a communications network;
  
  a trusted set of processing modules stored in the secure boot device that, when executed on the client computer, cause the client computer to;
  
  boot from the trusted set of processing modules;
  
  verify the contents of the trusted set of processing modules prior to execution of those modules;
  
  establish a secure connection with the remote server using encryption keys stored on the secure boot device; and
  
  transfer data between the client computer and the remote server of the secure connection to perform transactions initiated by a user of the client computer;
  
  wherein the remote server utilizes encryption keys associated with a unique identifier from the secure boot device.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The secure connection system of claim 11, further comprising an authentication server configured to authenticate the client computer prior to data transfer between the client computer and the remote server.
  - 13. The secure connection system of claim 12, wherein the authentication server is located at a managed service provider.
  - 14. The secure connection system of claim 12, wherein the remote server is located at a managed service provider.
  - 15. The secure connection system of claim 11, wherein the secure connection between the client computer and the remote server is configured to transmit split and encrypted data between the client computer and the remote server.
  - 16. The secure connection system of claim 11, wherein the data transmitted via the secure connection is encrypted at least in part using the encryption keys associated with the unique identifier.
  - 17. The secure connection system of claim 11, further comprising a secure appliance communicatively connected to the remote server via a secure connection, and wherein transactions initiated by the user of the client computer are routed to the remote server from the client computer via the secure appliance.
  - 18. The secure connection system of claim 17, wherein the trusted set of processing modules cause the client computer to establish a secure connection with the remote server by establishing a secure connection between the client computer and the secure appliance.
  - 19. The secure connection system of claim 11, wherein the remote server utilizes one or more communities of interest associated with the encryption keys stored on the secure boot device, and wherein the communities of interest associated with the encryption keys limit communication of the client computer to communication with authorized computing systems.
  - 20. The secure connection system of claim 19, wherein authorized computing systems include the remote server.
  - 21. The secure connection system of claim 11, wherein the remote server is a web services server.

22. A computer storage medium comprising computer-executable instructions stored in a memory and including a trusted set of processing modules which, when executed, cause a computing system to:
- boot from the trusted set of processing modules;
  
  verify the contents of the trusted set of processing modules prior to execution of those modules;
  
  establish a secure connection with a remote server using encryption keys stored on the secure boot device; and
  
  transfer data between the client computer and the remote server of the secure connection to perform transactions initiated by a user of the client computer;
  
  wherein the remote server utilizes encryption keys associated with a unique identifier from the secure boot device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Nieters, Thomas, Trocki, Jim, Vallevand, Mark, Farina, Ralph Robert, Rajcan, Steven Lee

Application Number

US13/105,154
Publication Number

US 20120084544A1
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575   Secure boot

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS BETWEEN A SECURE VIRTUAL TERMINAL AND A REMOTE SYSTEM

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS BETWEEN A SECURE VIRTUAL TERMINAL AND A REMOTE SYSTEM

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links