End-to-End Trusted Communications Infrastructure
Abstract
A method establishing a trusted end-to-end communication link is disclosed. The method comprises executing a communication application in a trusted security zone of a mobile access terminal. The method also comprises sending a message from the mobile access terminal to a trusted communication application executing in a trusted security zone of a trusted enterprise edge node. The method further comprises sending the message from the trusted enterprise edge node to a trusted cloudlet executing in a trusted security zone of a cloud based server.
Claims (20)
1. A method establishing a trusted end-to-end communication link to provide secure access to information, the method comprising:
- receiving an input by a processor executing in a trusted security zone of a mobile access terminal, wherein the trusted security zone includes a hardware root of trust and a secure partition that receives the input;
- preventing, by execution of the processor in the trusted security zone, applications outside of the trusted security zone from executing on the mobile access terminal, wherein applications that execute outside of the trusted security zone are blocked from accessing the secure partition that received the input;
- generating, by a secure application stored in the secure partition and executing on the processor in the trusted security zone of the mobile access terminal, a message and a trust token for transmission via a trusted end-to-end communication link, wherein the trusted end-to-end communication link comprises a plurality of network nodes and provides handling of the message in a corresponding trusted security zone of each network node along the trusted end-to-end communication link; and
- transmitting, by the mobile access terminal, the message and trust token along the trusted end-to-end communication link to a trusted cloudlet executing in a trusted security zone of a cloud based server, wherein the cloud based server is one endpoint in the trusted end-to-end communication link with the mobile access terminal.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method establishing a trusted end-to-end communication link to provide secure access to information, the method comprising:
- receiving, by a trusted cloudlet executing in a trusted security zone of a cloud based server, a message and a trust token sent from a mobile access terminal;
- determining, by the trusted cloudlet while preventing execution of applications that execute outside of the trusted security zone of the cloud based server, that the message was generated in a trusted security zone of the mobile access terminal based on the trust token;
- verifying, by the trusted cloudlet in the trusted security zone of the cloud based server, that the message was handled in trusted security zones along a trusted end-to-end communication link, wherein each trusted security zone includes a hardware root of trust and a secure partition; and
- based on the verification, executing the message in the trusted security zone of the cloud based server while preventing execution of applications that execute outside of the trusted security zone of the cloud based server.
Dependent claims: 9, 10, 11, 12, 13

14. A method establishing a trusted end-to-end communication link to provide secure access to information, the method comprising:
- receiving, by a trusted communication application executing in a trusted security zone of a trusted enterprise edge node, a message via a trusted end-to-end communication link from a communication application executing in a trusted security zone of a mobile access terminal;
- determining, by the trusted communication application of the trusted enterprise edge node while preventing execution of applications that execute outside of the trusted security zone of the trusted enterprise edge node, that the message was handled in the trusted security zone of the mobile access terminal, wherein each trusted security zone includes a hardware root of trust and a secure partition; and
- in response to the determining, sending the message, from the trusted security zone of the trusted enterprise edge node, to a trusted cloudlet executing in a trusted security zone of a cloud based server, wherein sending the message to the trusted security zone of the cloud based server maintains continuity of the trusted end-to-end communication link.
Dependent claims: 15, 16, 17, 18, 19, 20
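The cloudlet-side check in claim 8 (confirming that the message came from the terminal's trusted security zone and was handled in a trusted zone at every hop of the link), as an added example that is not from the patent: the claims do not specify how the trust token is built, so the hop-by-hop HMAC chain, the per-node keys standing in for keys derived from each hardware root of trust, and the fixed expected path are all assumptions.

```python
"""Hop-by-hop trust-token chain illustrating the verification step of claim 8.
Assumed (not from the patent): each trusted security zone holds a per-node HMAC
key standing in for a hardware-rooted key, and a hop's trust token is an HMAC
over node identity, message and the previous hop's token."""
import hashlib
import hmac

# Constructed keys; in a real trusted zone these would be sealed to the root of trust.
NODE_KEYS = {
    "mobile-terminal": b"constructed-key-terminal",
    "enterprise-edge": b"constructed-key-edge",
}

# The trusted end-to-end link the cloudlet expects, in order (assumed topology).
EXPECTED_PATH = ["mobile-terminal", "enterprise-edge"]


def hop_token(node: str, message: bytes, prev_token: bytes) -> bytes:
    """Token a node's trusted zone attaches: binds node, message and prior token."""
    mac = hmac.new(NODE_KEYS[node], digestmod=hashlib.sha256)
    mac.update(node.encode())
    mac.update(message)
    mac.update(prev_token)
    return mac.digest()


def send_along_link(message: bytes, path: list[str]) -> list[tuple[str, bytes]]:
    """Each node along the link handles the message and appends its own token."""
    chain: list[tuple[str, bytes]] = []
    prev = b""
    for node in path:
        prev = hop_token(node, message, prev)
        chain.append((node, prev))
    return chain


def cloudlet_verify(message: bytes, chain: list[tuple[str, bytes]]) -> bool:
    """Cloudlet check: the chain must cover exactly the expected trusted hops in
    order, and every token must verify against the message and its predecessor,
    so a modified message, a skipped hop or a replayed token is rejected."""
    if [node for node, _ in chain] != EXPECTED_PATH:
        return False
    prev = b""
    for node, token in chain:
        if not hmac.compare_digest(hop_token(node, message, prev), token):
            return False
        prev = token
    return True
```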