TRUSTED SECURITY ZONE ACCESS TO PERIPHERAL DEVICES

US 20140033316A1
Filed: 07/24/2012
Published: 01/30/2014
Est. Priority Date: 07/24/2012
Status: Active Grant

First Claim

Patent Images

1. A method of trusted data communication, comprising:

executing, by a computer, a data communication application in a trusted security zone of a processor, wherein the processor is a component of the computer;

commanding, by the computer, a controller of a trusted peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller of the trusted peripheral device is a component of the computer, and wherein the trusted peripheral device is a party to a trusted data communication;

commanding, by the computer, at least one of another peripheral device or a user interface device to not access a data bus of the computer and to execute an idling program to idle active applications or programs while the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller, wherein the at least one of the other peripheral device or the user interface does not read from or write to the data bus while executing the idling program, and wherein the at least one of the other peripheral device or the user interface device is not a party to the trusted data communication;

verifying, by the computer, that the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller; and

sending, by the computer, data from the processor to the controller of the trusted peripheral device over the data bus of the computer after verifying that the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller;

wherein the controller of the trusted peripheral device performs at least one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of trusted data communication. The method comprises executing a data communication application in a trusted security zone of a processor, wherein the processor is a component of a computer, commanding a controller of a peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller is a component of the computer, commanding at least one of another peripheral device or a user interface device to not access a data bus of the computer, verifying that the controller is executing the control application in the trusted security zone of the controller, sending data from the processor to the controller over the data bus of the computer, and the controller one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.

49 Citations

20 Claims

1. A method of trusted data communication, comprising:
- executing, by a computer, a data communication application in a trusted security zone of a processor, wherein the processor is a component of the computer;
  
  commanding, by the computer, a controller of a trusted peripheral device to execute a control application in a trusted security zone of the controller, wherein the controller of the trusted peripheral device is a component of the computer, and wherein the trusted peripheral device is a party to a trusted data communication;
  
  commanding, by the computer, at least one of another peripheral device or a user interface device to not access a data bus of the computer and to execute an idling program to idle active applications or programs while the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller, wherein the at least one of the other peripheral device or the user interface does not read from or write to the data bus while executing the idling program, and wherein the at least one of the other peripheral device or the user interface device is not a party to the trusted data communication;
  
  verifying, by the computer, that the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller; and
  
  sending, by the computer, data from the processor to the controller of the trusted peripheral device over the data bus of the computer after verifying that the controller of the trusted peripheral device is executing the control application in the trusted security zone of the controller;
  
  wherein the controller of the trusted peripheral device performs at least one of transmitting the data sent by the processor on an external communication link, reading a memory storage disk, or writing to a memory storage disk.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the trusted peripheral device is a universal serial bus (USB) port.
  - 3. The method of claim 1, wherein the trusted peripheral device is an Ethernet port.
  - 4. The method of claim 1, wherein the trusted peripheral device is a memory disk drive controller.
  - 5. The method of claim 1, wherein the user interface device is one of a keyboard, a display, a touchscreen, or a microphone.
  - 6. The method of claim 1, wherein commanding the controller of the trusted peripheral device to execute the control application in the trusted security zone of the controller is performed by sending a trusted flag in a message by the processor to the controller of the trusted peripheral device.

7. A system for trusted communication, comprising:
- a universal serial bus drive coupled to a data bus, the universal serial bus drive comprising;
  
  a memory, wherein the memory contains at least some confidential information,a processor coupled to the memory,a universal serial bus connector coupled to the processor, andan application stored in the memory that, when executed by the processor,determines that a request to access the memory received by the universal serial bus connector is directed to the at least some confidential information,satisfies the request to access the memory when a message, received by the universal serial bus connector from a sender of the request to access the memory, indicates that the sender is executing in a trusted security zone, anddoes not satisfy the request to access the memory when the message is not received by the universal series bus connector from the sender; and
  
  at least one of a peripheral device or a user interface device coupled to the data bus, wherein the at least one of the peripheral device or the user interface device is commanded to not access the data bus and to execute an idling program to idle active applications or programs while the application satisfies the request to access the memory, wherein the at least one of the peripheral device or the user interface does not read from or write to the data bus while executing the idling program, and wherein the at least one of the peripheral device or the user interface device is not a party to a trusted data communication.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the at least some confidential information comprises at least one of a credit card number, a credit card authentication number, a financial account number, a financial account authentication number, a social security number, or a telephone number.
  - 9. The system of claim 7, wherein the processor comprises a trusted security zone and wherein the application executes in the trusted security zone of the processor.
  - 10. The system of claim 9, wherein the at least some confidential information is stored in a trusted security zone of the memory.
  - 11. The system of claim 9, wherein the application executes in the trusted security zone of the processor based on the request.
  - 12. The system of claim 11, wherein the request indicates that the request is to be processed by the trusted security zone of the processor.
  - 13. The system of claim 7, wherein the application sends an execution request to the sender to execute in the trusted security zone of the sender.

14. A method of accessing a memory disk drive, comprising:
- transmitting, by a computer to a disk controller of a memory disk drive, a command to execute in a trusted security zone of the disk controller;
  
  transmitting, by the computer to the disk controller, a request for confirmation that the disk controller is executing in the trusted security zone of the disk controller;
  
  when a confirmation that the disk controller is executing in the trusted security zone of the disk controller is received, transmitting, by the computer to the disk controller, a command to access a trusted security zone portion of the memory disk drive; and
  
  commanding, by the computer, at least one of another peripheral device or a user interface device to not access a data bus of the computer and to execute an idling program to idle active applications or programs while the disk controller accesses the trusted security portion of the memory disk drive, wherein the at least one of the peripheral device or the user interface does not read from or write to the data bus while executing the idling program, and wherein the at least one of the peripheral device or the user interface device is not a party to a trusted data communication.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein a server computer transmits the command to the memory disk drive to execute in the trusted security zone of the disk controller.
  - 16. The method of claim 14, wherein the confirmation comprises a trust token.
  - 17. The method of claim 14, wherein the memory disk drive is installed in one of a desk top computer, a laptop computer, or a notebook computer.
  - 18. The method of claim 14, wherein the memory disk drive further comprises a normal security portion.
  - 19. The method of claim 14, wherein the trusted security zone of the disk controller comprises a separate physical portion of the disk controller.
  - 20. The method of claim 14, wherein the trusted security zone of the disk controller comprises a virtual processor portion of the disk controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Paczkowski, Lyle W., Persson, Carl J., Schlesener, Matthew C., Parsel, William M.

Granted Patent

US 8,667,607 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/74   operating in dual or compar...

G06F 21/85   interconnection devices, e....

TRUSTED SECURITY ZONE ACCESS TO PERIPHERAL DEVICES

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRUSTED SECURITY ZONE ACCESS TO PERIPHERAL DEVICES

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links