METHODS AND SYSTEMS FOR UPDATING A SECURE BOOT DEVICE USING CRYPTOGRAPHICALLY SECURED COMMUNICATIONS ACROSS UNSECURED NETWORKS

US 20120084562A1
Filed: 05/11/2011
Published: 04/05/2012
Est. Priority Date: 10/04/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of updating a virtual terminal associated with a secure network, the method comprising:

validating at a service enclave an identity of a user of a virtual terminal, the service enclave including an authorization server, and the virtual terminal generated from a trusted set of processing modules executing from a secure boot device at a client computing device;

authorizing the user of the virtual terminal to access a customer enclave and an update enclave based on security credentials received from the virtual terminal; and

while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from the update enclave to the client computing device, thereby updating the trusted set of processing modules.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for updating a virtual terminal associated with a secure network are disclosed. One method includes validating at a service enclave an identity of a user of a virtual terminal. The service enclave includes an authorization server, and the virtual terminal is generated from a trusted set of processing modules executing from a secure boot device at a client computing device. The method further includes authorizing the user of the virtual terminal to access a customer enclave and an update enclave based on security credentials received from the virtual terminal. The method also includes, while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from the update enclave to the client computing device, thereby updating the trusted set of processing modules.

Citations

22 Claims

1. A method of updating a virtual terminal associated with a secure network, the method comprising:
- validating at a service enclave an identity of a user of a virtual terminal, the service enclave including an authorization server, and the virtual terminal generated from a trusted set of processing modules executing from a secure boot device at a client computing device;
  
  authorizing the user of the virtual terminal to access a customer enclave and an update enclave based on security credentials received from the virtual terminal; and
  
  while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from the update enclave to the client computing device, thereby updating the trusted set of processing modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the customer enclave and the update enclave have separately established secure connections to the client computing device.
  - 3. The method of claim 1, wherein the customer enclave is located at a customer site, and the update enclave is located at a managed service provider.
  - 4. The method of claim 3, wherein the service enclave is located at the managed service provider.
  - 5. The method of claim 1, wherein the service enclave provides authentication and authorization of the client computing device for connection to both the customer enclave and the update enclave.
  - 6. The method of claim 1, wherein the security credentials received from the virtual terminal includes a security identifier associated with a secure boot device directly communicatively connected to a computing system hosting the virtual terminal.
  - 7. The method of claim 1, wherein the secure connection transmits split and encrypted data packets between the client computing device and the customer enclave representing transactions sent from the virtual terminal to the customer enclave.
  - 8. The method of claim 1, wherein validating at a service enclave an identity of a user of a virtual terminal comprises receiving from the service enclave a location of the customer enclave, a location of the update enclave, and a plurality of keys used to establish secure connections to the customer enclave and the update enclave.
  - 9. The method of claim 8, wherein validating at the service enclave an identity of a user of a virtual terminal further includes receiving an update script
  - 10. The method of claim 1, wherein transmitting updates from the update enclave to the client computing device comprises transmitting updates to an ephemeral port assigned at the client computing device.
  - 11. The method of claim 1, further comprising validating at the service enclave an integrity status of a trusted set of software modules installed on the secure boot device.
  - 12. The method of claim 1, further comprising, prior to validating at the service enclave an identity of a user of the virtual terminal, establishing a secure connection between the virtual terminal on the client computing device and the service enclave based at least in part on the trusted set of processing modules executing from the secure boot device.
  - 13. The method of claim 1, further comprising, upon termination of the secure connection between the virtual terminal on the client computing device and the service enclave while updates are transmitted from the update enclave, terminating transmission of updates from the update enclave.
  - 14. The method of claim 13, further comprising:
    - resuming a secure connection between the virtual terminal on the client computer and the service enclave; and
      
      upon resuming the secure connection, resuming transmission of updates from the update enclave to the client computing device.

15. A system for updating one or more trusted software modules in a secure boot device directly connected to a client computing system, the system comprising:
- a service enclave configured to receive and respond to authentication and authorization requests from a client computing system, and to define one or more communities of interest associated with a secure boot device;
  
  a customer enclave configured to, upon authorization of the secure boot device at the service enclave, establish a secure connection to the client computing system and receive transaction information from the client computing system; and
  
  an update enclave configured to, while the secure connection is established between the customer enclave and the client computing device, establish a second secure connection between the update enclave and the client computing device and update one or more of the trusted software modules.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the customer enclave is at a separate location from the update enclave.
  - 17. The system of claim 15, wherein the service enclave includes an authorization server configured to receive and respond to authorization requests from the client computing device.
  - 18. The system of claim 15, wherein the service enclave includes an administrative server configured to manage communities of interest, each community of interest defining one or more users and one or more resources the one or more users are authorized to access.
  - 19. The system of claim 15, wherein the update enclave is collocated with the service enclave.
  - 20. The system of claim 15, wherein the secure boot device includes a read-only memory portion and a read-write memory portion, the read-only memory portion including a boot module.
  - 21. The system of claim 15, wherein the update enclave is configured to update one or more trusted software modules stored in the read-write memory portion of the secure boot device.

22. A computer-storage medium storing computing instructions which, when executed, implement a computerized method of updating a virtual terminal associated with a secure network, the method comprising:
- validating at a service enclave an identity of a user of a virtual terminal, the service enclave including an authorization server, and the virtual terminal generated from a trusted set of processing modules executing from a secure boot device at a client computing device;
  
  authorizing the user of the virtual terminal to access a customer enclave based on security credentials received from the virtual terminal; and
  
  while the user of the virtual terminal establishes a secure connection between the client computing device and the customer enclave, transmitting updates from an update enclave to the client computing device, thereby updating the trusted set of processing modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jim R. Trocki, Mark Valleyand, Ralph Rabert Farina, Steven Lee Rajcan
Original Assignee
Jim R. Trocki, Mark Valleyand, Ralph Rabert Farina, Steven Lee Rajcan
Inventors
Rajcan, Steven Lee, Farina, Ralph Rabert, Trocki, Jim R., Valleyand, Mark

Application Number

US13/105,164
Publication Number

US 20120084562A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/575   Secure boot

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/12   Applying verification of th...

METHODS AND SYSTEMS FOR UPDATING A SECURE BOOT DEVICE USING CRYPTOGRAPHICALLY SECURED COMMUNICATIONS ACROSS UNSECURED NETWORKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR UPDATING A SECURE BOOT DEVICE USING CRYPTOGRAPHICALLY SECURED COMMUNICATIONS ACROSS UNSECURED NETWORKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links