Method and system for authenticating and utilizing secure resources in a computer system
First Claim
1. A method for executing secure transactions on a computer system, the method comprising the steps of:
- (a) providing a basic input output system (BIOS) on the computer system, the BIOS including first means for indicating a first trust relationship with the BIOS;
(b) providing a secure peripheral coupled with the computer system, the secure peripheral including second means for indicating a second trust relationship with the secure peripheral;
(c) providing a master security co-processor coupled with the secure peripheral and the memory, the master security co-processor for processing sensitive data on the computer system and including third means for indicating a third trust relationship with the master security co-processor; and
(d) utilizing the BIOS or master security co-processor to verify at least one of the first trust relationship, the second trust relationship, or the third trust relationship using the first means for indicating the first trust relationship, the second means for indicating the second trust relationship, or the third means for indicating the third trust relationship.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for executing secure transactions on a computer system is disclosed. The computer system includes a memory. In one aspect, the method and system include providing a basic input output system (BIOS) on the computer system, providing a secure peripheral coupled with the computer system, and providing a master security co-processor coupled with the computer system. The BIOS includes first unit for indicating a first trust relationship with the BIOS. The secure peripheral includes second unit for indicating a second trust relationship with the secure peripheral. The master security co-processor is for processing sensitive data on the computer system and includes third unit for indicating a third trust relationship with the master security co-processor. The method and system further includes utilizing the BIOS to verify at least one of the first trust relationship, the second trust relationship, or the third trust relationship using the first unit for indicating the first trust relationship, the second unit for indicating the second trust relationship, or the third unit for indicating the third trust relationship. In another aspect, the method and system are for executing an application utilizing sensitive data on a computer system. The computer system includes a master security co-processor and a secure peripheral. In this aspect, the method and system include establishing a secure channel for communication between the master security co-processor and the secure peripheral for executing a portion of the application and executing the portion of the application by the master security co-processor utilizing the secure channel.
211 Citations
34 Claims
-
1. A method for executing secure transactions on a computer system, the method comprising the steps of:
-
(a) providing a basic input output system (BIOS) on the computer system, the BIOS including first means for indicating a first trust relationship with the BIOS; (b) providing a secure peripheral coupled with the computer system, the secure peripheral including second means for indicating a second trust relationship with the secure peripheral; (c) providing a master security co-processor coupled with the secure peripheral and the memory, the master security co-processor for processing sensitive data on the computer system and including third means for indicating a third trust relationship with the master security co-processor; and (d) utilizing the BIOS or master security co-processor to verify at least one of the first trust relationship, the second trust relationship, or the third trust relationship using the first means for indicating the first trust relationship, the second means for indicating the second trust relationship, or the third means for indicating the third trust relationship. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for executing an application utilizing sensitive data on a computer system, the computer system including a master security co-processor and a secure peripheral, the master security co-processor including a first digital certificate and a first key, the secure peripheral including a second digital certificate and a second key, the method comprising the steps of:
-
(a) establishing a secure channel for communication between the master security co-processor and the secure peripheral for executing a portion of the application, the secure channel establishing step (a) further including the steps of (a1) providing the first digital certificate to the secure peripheral; (a2) providing the second digital certificate to the master security co-processor; (a3) verifying the first digital certificate using the secure peripheral; (a4) verifying the second digital certificate using the master security co-processor; and (a5) providing a session key based on the first key and the second key, the session key for communication between the master security co-processor and the secure peripheral for executing the portion of the application; and (b) executing the portion of the application by the master security co-processor utilizing the secure channel. - View Dependent Claims (14, 15, 16)
-
-
17. A method for executing an application utilizing sensitive data on a computer system, the computer system including a master security co-processor and a secure peripheral, the method comprising the steps of:
-
(a) establishing a secure channel for communication between the master security co-processor and the secure peripheral for executing a portion of the application; (b) executing the portion of the application by the master security co-processor utilizing the secure channel; (c) determining whether the application can be executed securely; and (d) allowing a system administrator to track use of the secure peripheral.
-
-
18. An apparatus for executing secure transactions on a computer system comprising:
-
a computer system including a basic input output system (BIOS), the BIOS including first means for indicating a first trust relationship with the BIOS; a secure peripheral coupled with the computer system, the secure peripheral including second means for indicating a second trust relationship with the secure peripheral; and a master security co-processor coupled with the computer system, the master security co-processor including third means for indicating a third trust relationship with the security co-processor; wherein the BIOS verifies at least one of the first trust relationship, the second trust relationship, or the third trust relationship using the first means for indicating the first trust relationship, the second means for indicating the second trust relationship, or the third means for indicating the third trust relationship. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. An apparatus for executing an application utilizing sensitive data on a computer system, the computer system including a master security co-processor and a secure peripheral, the master security co-processor further including a first digital certificate, the secure peripheral including a second digital certificate, the apparatus comprising:
-
means for establishing a secure channel for communication between the master security co-processor and the secure peripheral for executing a portion of the application, the secure channel establishing means further including means for providing the first digital certificate to the secure peripheral; means for providing the second digital certificate to the master security co-processor; means for verifying the first digital certificate using the secure peripheral; means for verifying the second digital certificate using the master security co-processor; and means for providing a session key for communication between the master security co-processor and the secure peripheral for executing the application; and means for executing the portion of the application by the master security co-processor utilizing the secure channel. - View Dependent Claims (31, 32, 33)
-
-
34. An apparatus for executing an application utilizing sensitive data on a computer system, the computer system including a master security co-processor and a secure peripheral, the apparatus comprising:
-
means for establishing a secure channel for communication between the master security co-processor and the secure peripheral for executing a portion of the application; and means for executing the portion of the application by the master security co-processor utilizing the secure channel means for determining whether the application can be executed securely means for allowing a system administrator to track use of the secure peripheral.
-
Specification