TRUSTED COMPUTING
First Claim
1. A trusted computing device, comprising:
   an isolated environment comprising:
      an isolated environment processor;
      memory comprising a secure partition and a non-secure partition, the memory connected for data communication with the isolated environment processor; and
      an auxiliary processor connected for data communication with the isolated environment processor and the memory;
      wherein the memory and the auxiliary processor communicate with a host only through the isolated environment processor;
   a host interface connected for data communication with the isolated environment processor; and
   a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that, when executed by the trusted computing device, cause the trusted computing device to:
      present a first file system partition at the host interface via the isolated environment processor, the first file system partition comprising a host write file and a host read file, wherein file creation and file deletion privileges are allocated only to the isolated environment processor;
      present a non-secured second file system partition with access to the memory non-secure partition via the host interface via the isolated environment processor;
      receive, via the host write file, requests to perform trusted computing in the isolated environment, the trusted computing comprising one or more of: random number generation, append-only logging, monotonic counting, streaming encryption and decryption, bulk encryption and decryption, and isolated storage;
      perform the requested trusted computing using at least one of the isolated environment processor, the memory secure partition and the auxiliary processor; and
      write the trusted computing results to the host read-only file.
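The claim's request channel, modelled as an added example (not the patent's own code): the host sees only two fixed files on the first partition, may write one and read the other, cannot create or delete files there, and never touches the secure partition directly; the isolated environment processor services each request (random number generation, monotonic counting, hash-chained append-only logging, isolated storage) and alone writes the result to the read file. The file names, operation names and the SHA-256 chaining are assumptions for illustration.

```python
import hashlib
import secrets


class IsolatedEnvironment:
    """Models the IEP and the memory secure partition; nothing here is host-addressable."""

    WRITE_FILE, READ_FILE = "host_write", "host_read"   # the only two files on partition 1

    def __init__(self):
        self.counter = 0          # monotonic counter: only ever incremented
        self.log = []             # append-only log: each entry hash-chained to the last
        self.store = {}           # isolated storage
        self.first_partition = {self.WRITE_FILE: "", self.READ_FILE: ""}

    # host-facing side of the first file system partition
    def host_write(self, name, data):
        if name != self.WRITE_FILE:       # host cannot create, delete or write other files
            raise PermissionError("host may only write " + self.WRITE_FILE)
        self.first_partition[name] = data
        self._service()                   # the IEP services the request

    def host_read(self, name):
        if name != self.READ_FILE:
            raise PermissionError("host may only read " + self.READ_FILE)
        return self.first_partition[name]

    # trusted computing performed inside the isolated environment
    def _service(self):
        op, _, arg = self.first_partition[self.WRITE_FILE].partition(" ")
        if op == "random":                # random number generation
            result = secrets.token_hex(int(arg))
        elif op == "count":               # monotonic counting
            self.counter += 1
            result = str(self.counter)
        elif op == "log":                 # append-only logging
            prev = self.log[-1] if self.log else "0" * 64
            result = hashlib.sha256((prev + arg).encode()).hexdigest()
            self.log.append(result)       # no code path removes or rewrites an entry
        elif op == "put":                 # isolated storage, write
            key, _, value = arg.partition("=")
            self.store[key] = value
            result = "ok"
        elif op == "get":                 # isolated storage, read
            result = self.store.get(arg, "")
        else:
            result = "error: unknown operation"
        self.first_partition[self.READ_FILE] = result   # only the IEP writes the read file
```

A host that tries to write the read file, or any file other than the write file, is refused, which is the privilege split the claim allocates to the isolated environment processor.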
Abstract
A trusted computing device (TCD) includes an isolated environment, host interface, secure interface, and program instructions. The environment includes an isolated environment processor (IEP), memory (secure and non-secure partition), and an auxiliary processor (AP). Memory and AP are connected for data communication with the IEP, and communicate with a host only through the IEP. The host interface and each secure interface are connected for data communication with the IEP. The instructions provision TCD for cryptographic operations via a secure interface; present a first file system partition comprising a write file and a read file with file creation/deletion privileges allocated only to the IEP at the host interface via the IEP; present a non-secured file system partition with access to the non-secure partition via the host interface via the IEP; receive, via the write file, requests to perform trusted computing; perform requested computing using the IEP, secure memory, and AP; and write results to the read file.
22 Claims
2. A trusted computing system, comprising:
   a trusted computing device comprising:
      an isolated environment comprising:
         an isolated environment processor; and
         memory comprising a secure partition and connected for data communication with the isolated environment processor; and
         wherein the memory communicates with the host only through the isolated environment processor;
      a host interface connected for data communication with the isolated environment processor; and
      a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to:
         present a first file system partition via the host interface from the isolated environment processor, the first file system partition comprising a host write file and a host read-only file;
         receive, via the host write file, requests to perform trusted computing in the isolated environment;
         perform the requested trusted computing operations using the isolated environment processor and the memory secure partition; and
         write the secure operation results to the host read-only file.
   (Dependent claims: 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
6. (canceled)
17. (canceled)
18. A method to perform trusted computing, comprising:
   providing a trusted computing device, comprising:
      an isolated environment comprising:
         an isolated environment processor, and
         memory comprising a secure partition and connected for data communication with the isolated environment processor, wherein the memory communicates with the host only through the isolated environment processor;
      a host interface connected for data communication with the isolated environment processor; and
      a computer program product comprising a non-transitory computer-readable media having computer-executable program instructions embodied thereon that when executed by a computer cause the computer to:
         present a first file system partition via the host interface from the isolated environment processor, the first file system partition comprising a host write file and a host read-only file;
         receive, via the host write file, requests to perform trusted computing in the isolated environment;
         perform the requested trusted computing operations using the isolated environment processor and the memory secure partition; and
         write the secure operation results to the host read-only file.
   (Dependent claims: 19, 20, 21, 22)