Method and system for secure transactions in a computer system
Abstract
A method and system for secure transactions. The method and system comprise a security co-processor and an interface for interfacing the security co-processor to a host computer system. Secure transaction processing is performed locally in the security co-processor, and non-secure transaction processing is performed in the host computer system. The method and system further include means for providing trusted input coupled to the security co-processor. In addition, the method and system include a second interface coupled to the security co-processor for receiving sensitive data from a smart card, and a trusted display coupled to the security co-processor for providing true transaction information. One advantage of the method and system in accordance with the present invention is that transactions are protected from unauthorized intrusion and, in addition, participation is proven so that transactions cannot be repudiated. Another advantage is that the method and system maintain compatibility with smart card technology. Yet another advantage is that, because the security co-processor has functionality, smart cards require built-in functionality only for storing sensitive data, including account number and private-key, and for providing digital signatures to prove participation. Moreover, smart cards can carry biometric data to be recognized by the method and system for an even more reliable proof of participation and card-holder verification. With less built-in functionality, the smart cards are less complex and less expensive. Finally, the method and system are easily implemented with current technology, and the overall cost of the system is reduced.
36 Claims
1. A system for secure transactions in a host computer, comprising:
- a security co-processor; and
- an interface for interfacing the security co-processor to the host computer, the interface including an interface communication protocol for restricting access by the host computer to data passing through the security co-processor, wherein secure transaction processing is performed locally in the security co-processor and non-secure transaction processing is performed in the host computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A system for secure transactions in a host computer, comprising:
- a security co-processor;
- an interface for interfacing the security co-processor to the host computer, the interface including an interface communication protocol for restricting access by the host computer to data passing through the security co-processor; and
- means for providing trusted input coupled to the security co-processor, wherein secure transaction processing is performed locally in the security co-processor and non-secure transaction processing is performed in the host computer system.
Dependent claims: 15, 16
17. A system for secure transactions in a host computer, comprising:
- a security co-processor, the security co-processor including a processor, a processor support coupled to the processor; a display interface coupled to the processor, first interface means for receiving trusted input, the first interface means being coupled to the processor, smart card interface means coupled to the processor, a memory coupled to the processor, an external memory interface coupled to the processor, a cryptographic unit coupled to the processor, and second interface means coupled to the processor, the second interfacing means for interfacing with a plurality of computer systems;
- an interface for interfacing between the security co-processor and the host computer, the interface including an interface communication protocol for restricting access by the host computer to data passing through the security co-processor, wherein the interface is coupled to the second interface means;
- means for providing trusted input coupled to the security co-processor via the first interface means;
- a smart card interface coupled to the smart card interface means of the security co-processor, the smart card interface for interfacing between the security co-processor and smart cards; and
- a trusted display coupled to the display interface of the security co-processor for providing a visual feedback and true transaction information, wherein secure transaction processing is performed locally in the security co-processor and non-secure transaction processing is performed in the host computer system.
18. A method for secure transactions in a host computer, the method comprising the steps of:
- a) providing a security co-processor; and
- b) providing an interface for interfacing the security co-processor to the host computer, the interface including an interface communication protocol for restricting access by the host computer to data passing through the security co-processor, wherein secure transaction processing is performed locally in the security co-processor and non-secure transaction processing is performed in the host computer system.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
36. A computer readable medium including program instructions for secure encrypted and authenticated transactions, the program instructions being executed via a security co-processor, the security co-processor communicating with a host computer via a host interface including a firewall, the firewall having functionality being enforced by an interface communication protocol for restricting access by the host computer to data passing through the security co-processor, the program instructions for:
- a) indicating a secure mode in response to communications from the host computer wherein a keyboard entry of sensitive data is requested;
- b) providing data to a trusted display in order to provide a visual feedback during the keyboard entry of the sensitive data and for displaying true transaction information;
- c) performing an encryption of the sensitive data in a cryptographic unit within the security co-processor in order to provide the sensitive data in an encrypted form;
- d) computing a hash of a message in order to form a mechanism for signature;
- e) transferring the hash to a smart card for signing;
- f) signing the message in the smart card with a private-key;
- g) handing the message to the host computer for further transmission to a transaction party; and
- h) building a certificate cache with pre-verified and validated certificates indicating identities belonging to sources of messages received by the security co-processor, wherein secure transaction processing is performed locally in the security co-processor and non-secure transaction processing is performed in the host computer.
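The flow of claim 36, steps (a), (b) and (d) through (g), sketched in Python as an added example that is not part of the patent text. The class names, the `sign_transaction` command, the PIN check on the card, the choice of SHA-256 and the toy RSA key are assumptions made for illustration; step (c) encryption and the step (h) certificate cache are left out.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q

class SmartCard:
    """Hypothetical card: stores the private key and only ever returns signatures."""
    def __init__(self, pin):
        self._pin = pin
        self._d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent never leaves the card

    def sign_hash(self, pin, digest):
        if pin != self._pin:  # card-holder verification (assumed to be a PIN check)
            raise PermissionError("card-holder verification failed")
        return pow(int.from_bytes(digest, "big") % N, self._d, N)  # step (f)

class SecurityCoprocessor:
    """Hypothetical co-processor; the host can reach only HOST_COMMANDS."""
    HOST_COMMANDS = {"sign_transaction"}

    def __init__(self, card, trusted_keypad, trusted_display):
        self._card, self._keypad, self._display = card, trusted_keypad, trusted_display
        self.secure_mode = False

    def host_request(self, command, payload=b""):
        # Interface protocol: anything outside the allow-list is refused.
        if command not in self.HOST_COMMANDS:
            raise PermissionError("host command refused: " + command)
        self.secure_mode = True                               # step (a)
        try:
            self._display(payload)                            # step (b)
            pin = self._keypad()                              # trusted input, never returned
            digest = hashlib.sha256(payload).digest()         # step (d), SHA-256 assumed
            signature = self._card.sign_hash(pin, digest)     # steps (e), (f)
        finally:
            self.secure_mode = False
        return {"message": payload, "signature": signature}   # step (g)

def verify(message, signature):
    """Transaction party's check, using only the public key (N, E)."""
    digest = hashlib.sha256(message).digest()
    return pow(signature, E, N) == int.from_bytes(digest, "big") % N

def demo():
    shown = []  # stands in for the trusted display
    cop = SecurityCoprocessor(SmartCard("4921"), lambda: "4921", shown.append)
    out = cop.host_request("sign_transaction", b"pay 25.00 to merchant 17")
    return cop, out, shown
```

The host receives only the message and its signature; the PIN and the private exponent stay behind the interface, and a signature over one message does not verify for an altered one.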
Specification