Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor
First Claim
Patent Images
1. A secure computing network, comprising:
- a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity;
communications means, connected to the network computer, for transferring data between the network computer and another computer;
an input/output device;
a workstation connected to the communications means, wherein the workstation comprises an input/output device port and an auxiliary data port; and
a trusted path subsystem, connected to the input/output device, the input/output device port and the auxiliary data port, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means.
8 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.
-
Citations
13 Claims
-
1. A secure computing network, comprising:
-
a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity; communications means, connected to the network computer, for transferring data between the network computer and another computer; an input/output device; a workstation connected to the communications means, wherein the workstation comprises an input/output device port and an auxiliary data port; and a trusted path subsystem, connected to the input/output device, the input/output device port and the auxiliary data port, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A secure computing network comprising:
-
a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity; communications means, connected to the network computer, for transferring data between the network computer and another computer; an input/output device; a workstation comprising; an input/output device port; and a workstation communications port; and a trusted path subsystem, connected to said input/output device said input/output device port, said workstation communications port and said communications means, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means and network interface means, connected to the communication means, for transferring the encrypted data between the trusted path subsystem and the trusted subsystem. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method of securely transferring data in a network comprising an unsecured workstation connected to a secure computer server, wherein the unsecured workstation includes a workstation processing unit and an input/output device and wherein the workstation processing unit includes an input/output device port and an auxiliary data port, the method comprising the steps of:
-
providing a secure server having a trusted subsystem, wherein the trusted subsystem includes encryption means for encrypting and decrypting data transferred to and from the trusted subsystem; providing a trusted path subsystem, wherein the trusted path subsystem includes a trusted path subsystem processor and an input/output device manager; and inserting the trusted path subsystem between the input/output device and the workstation processing unit, wherein the step of inserting includes the steps of; connecting the input/output device port to the input/output device manager; and connecting the auxiliary data port to the trusted path subsystem processor.
-
-
12. A method for providing secure file transfer capability over a network from an unsecured workstation to a second computer, wherein the workstation comprises an input/output device and a workstation processing unit, wherein the workstation processing unit includes an auxiliary data port and an input/output device port and wherein the second computer comprises a trusted subsystem and encryption means for encrypting and decrypting data transferred between the unsecured workstation and the trusted subsystem, the method comprising the steps of:
-
providing a trusted path subsystem, said trusted path subsystem including an input/output device manager and a trusted path subsystem processor capable of executing a secure electronic mail program; inserting the trusted path subsystem between the input/output device and the workstation processing unit, wherein the step of inserting includes the steps of; connecting the input/output device port to the input/output device manager; and connecting the auxiliary data port to the trusted path subsystem processor; downloading from the workstation processing unit to the trusted path subsystem processor a file to be transferred to the second computer; displaying, on the input/output device, a representation of the file to be transferred; if the file is as expected, transferring the file to the second computer; and if the file is not as expected, generating an error message. - View Dependent Claims (13)
-
Specification