MULTI-ENCLAVE TOKEN
0 Assignments
0 Petitions
Abstract
A security token has multiple independent application enclaves, on which different application providers can install encryption keys and/or other data to authenticate a user of the token to their respective applications.
42 Citations
12 Claims
1. A token for use with an electronic system, comprising:
a processor;
non-volatile program storage memory; and
non-volatile data storage memory;
wherein the non-volatile program storage memory contains a single copy of an operating system;
wherein the non-volatile data storage memory comprises a plurality of enclaves each containing policy and setting data usable by the operating system;
wherein the non-volatile data storage memory comprises computer readable code operative to permit the processor to access a selected one of the enclaves of the data-storage memory, and to deny said processor access to all other of said enclaves, and to cause the processor to run the operating system using said policy and setting data contained by said one enclave.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A computer system, comprising:
a processor;
a data communication port; and
non-volatile storage containing computer readable code;
wherein said computer readable code comprises middleware operative to interface with a token connected to said data communication port;
wherein said middleware is operative to cause said processor to:
send an enclave query message through said communication port;
receive through said communication port in response to said enclave query message an enclave query response message identifying one or more enclaves;
determine whether any of said one or more enclaves is an enclave associated with said middleware; and
if so, send an enclave select message specifying said associated enclave through said communication port; and subsequently interact with said token as if said associated enclave were the only active enclave on said token.
Dependent claims: 11.

12. A method of securing data, comprising:
connecting a token to a computer, the token comprising a processor, a single copy of an operating system, and non-volatile data storage memory divided into a plurality of enclaves;
sending an enclave query message from middleware on the computer to the token;
the token sending to the computer in response to said enclave query message an enclave query response message identifying one or more enclaves on the token;
determining whether any of said one or more enclaves is an enclave associated with said middleware; and
if so, sending an enclave select message specifying said associated enclave from said computer to said token; the token accessing the specified one of the enclaves, running the single copy of the operating system using policy and setting data contained by said specified enclave, and denying access to all other of said enclaves; and subsequently interacting with said token as if said associated enclave were the only active enclave on said token.
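The query / select exchange of claims 10 and 12, and the single-active-enclave rule of claim 1, simulated end to end as an added example. This is illustrative code written for this page, not the patent's own or any product's implementation; the message names (ENCLAVE_QUERY, ENCLAVE_SELECT, READ_SETTING), the enclave identifiers and the setting values are constructed assumptions. The token side lists its enclaves, accepts one selection, and then serves policy and setting reads only from that enclave; the middleware side walks the claimed steps and stops cleanly when the token carries no enclave associated with it.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional

# Constructed sample data (not from the patent): three application enclaves,
# each holding the policy and setting data the single OS copy runs with.
SAMPLE_ENCLAVES: Dict[str, Dict[str, Any]] = {
    "bank-app": {"pin_retries": 3, "key_id": "K-BANK-01"},
    "vpn-app": {"pin_retries": 5, "key_id": "K-VPN-07"},
    "badge-app": {"pin_retries": 10, "key_id": "K-BADGE-02"},
}


@dataclass
class Token:
    """Token side: one operating system, data memory split into enclaves.

    `active` is the single enclave the OS may use; every other enclave is denied.
    """
    enclaves: Dict[str, Dict[str, Any]]
    active: Optional[str] = None
    log: List[str] = field(default_factory=list)  # transcript of the exchange

    def handle(self, msg: Dict[str, Any]) -> Dict[str, Any]:
        """Process one message from the middleware and return the reply."""
        kind = msg.get("type")
        if kind == "ENCLAVE_QUERY":
            # Enclave query response: identify the enclaves present on the token.
            reply = {"type": "ENCLAVE_QUERY_RESPONSE", "enclaves": sorted(self.enclaves)}
        elif kind == "ENCLAVE_SELECT":
            reply = self._select(msg.get("enclave"))
        elif kind == "READ_SETTING":
            reply = self._read_setting(msg.get("enclave"), msg.get("key"))
        else:
            reply = {"type": "ERROR", "reason": "unsupported message"}
        self.log.append(f"{kind} -> {reply['type']}")
        return reply

    def _select(self, name: Optional[str]) -> Dict[str, Any]:
        if name not in self.enclaves:
            return {"type": "ERROR", "reason": "unknown enclave"}
        if self.active is not None and self.active != name:
            # Once an enclave is active, switching would need a fresh session.
            return {"type": "ERROR", "reason": "another enclave is already active"}
        self.active = name
        return {"type": "ENCLAVE_SELECTED", "enclave": name}

    def _read_setting(self, enclave: Optional[str], key: Optional[str]) -> Dict[str, Any]:
        """The OS reads policy/setting data only from the active enclave."""
        if self.active is None:
            return {"type": "ERROR", "reason": "no enclave selected"}
        if enclave is not None and enclave != self.active:
            # Access to every non-selected enclave is denied.
            return {"type": "ERROR", "reason": "access denied to inactive enclave"}
        if key not in self.enclaves[self.active]:
            return {"type": "ERROR", "reason": "unknown setting"}
        return {"type": "SETTING", "key": key, "value": self.enclaves[self.active][key]}


def middleware_session(token: Token, associated_enclave: str) -> Optional[Any]:
    """Host side (claims 10 and 12): query, match, select, then use the enclave.

    Returns the key_id setting from the associated enclave, or None when the
    token carries no enclave associated with this middleware.
    """
    query_reply = token.handle({"type": "ENCLAVE_QUERY"})
    if associated_enclave not in query_reply.get("enclaves", []):
        return None  # nothing to select; this token is not provisioned for us
    select_reply = token.handle({"type": "ENCLAVE_SELECT", "enclave": associated_enclave})
    if select_reply["type"] != "ENCLAVE_SELECTED":
        return None
    # From here on the middleware treats the token as if only its enclave existed.
    reply = token.handle({"type": "READ_SETTING", "key": "key_id"})
    return reply.get("value")


if __name__ == "__main__":
    token = Token(dict(SAMPLE_ENCLAVES))
    print("vpn middleware got:", middleware_session(token, "vpn-app"))
    print("read of another enclave:", token.handle(
        {"type": "READ_SETTING", "enclave": "bank-app", "key": "key_id"}))
    print("\n".join(token.log))
```

The denial path is the security-relevant part: after ENCLAVE_SELECT, a read that names any other enclave, or a second select of a different enclave, is refused by the token itself rather than by the host middleware, which is what lets several application providers share one token without trusting each other's middleware.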
Specification