Secure integrated device with secure, dynamically-selectable capabilities
First Claim
1. A computer program product for providing a secure, integrated device with dynamically selectable capabilities, the computer program product embodied on one or more computer-usable media and comprising:
- computer-readable program code that is configured to operate a security core which provides security functions;
computer-readable program code that is configured to establish a secure, operable connection of one or more components to the security core, such that the security core can vouch for authenticity of each securely operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and
computer-readable program code that is configured to securely perform a transaction using the secure integrated device, wherein the computer-readable program code that is configured to securely perform a transaction further comprises computer-readable program code that is configured to digitally notarize, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, and wherein the computer-readable program code that is configured to digitally notarize further comprises;
computer-readable program code that is configured to authenticate the selected operably connected component to the security core;
computer-readable program code that is configured to compute, by the security core, a hash value over the output data stream;
computer-readable program code that is configured to hash, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block;
computer-readable program code that is configured to digitally sign, by the security core, the hashed data block using a private key of the security core; and
computer-readable program code that is configured to provide the digitally signed hashed data block along with the combination as the digital notarization of the output data stream.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, computer program product, and method of doing business by providing a secure integrated device (such as a pervasive computing device) for which operating capabilities can be dynamically yet securely selected (including, but not limited to, pluggable connection of input/output devices and/or application processors that provide selected functions). Each input/output (I/O) device and application processor to be used is plugged in to a bus of a security core, and authenticates itself to the security core using public key infrastructure techniques, thereby creating a secure multi-function device. All of the multi-function device'"'"'s input and output interactions with its environment necessarily traverse an I/O bus under the sole control of the security core. The only communication path between an application processor and the external environment (such as an I/O device) is through an application processor bus, which is likewise under control of the security core. Thus a user may dynamically yet securely select the capabilities of a multi-function device, and because each I/O device and application processor in use by that multi-function device is authenticated, the security of transactions or network services performed when using such devices is improved.
-
Citations
30 Claims
-
1. A computer program product for providing a secure, integrated device with dynamically selectable capabilities, the computer program product embodied on one or more computer-usable media and comprising:
-
computer-readable program code that is configured to operate a security core which provides security functions; computer-readable program code that is configured to establish a secure, operable connection of one or more components to the security core, such that the security core can vouch for authenticity of each securely operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and computer-readable program code that is configured to securely perform a transaction using the secure integrated device, wherein the computer-readable program code that is configured to securely perform a transaction further comprises computer-readable program code that is configured to digitally notarize, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, and wherein the computer-readable program code that is configured to digitally notarize further comprises; computer-readable program code that is configured to authenticate the selected operably connected component to the security core; computer-readable program code that is configured to compute, by the security core, a hash value over the output data stream; computer-readable program code that is configured to hash, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; computer-readable program code that is configured to digitally sign, by the security core, the hashed data block using a private key of the security core; and computer-readable program code that is configured to provide the digitally signed hashed data block along with the combination as the digital notarization of the output data stream. - View Dependent Claims (2, 6, 7, 8, 9, 10)
-
-
3. A computer program product for providing a secure, integrated device with dynamically selectable capabilities, the computer program product embodied on one or more computer-usable media and comprising:
-
computer-readable program code that is configured to operate a security core which provides security functions; computer-readable program code that is configured to establish a secure, operable connection of one or more components to the security core, such that the security core can vouch for authenticity of each securely operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and computer-readable program code that is configured to securely perform a transaction using the secure integrated device, wherein the computer-readable program code that is configured to securely perform a transaction further comprises computer-readable program code that is configured to digitally notarize, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, and wherein the computer-readable program code that is configured to digitally notarize further comprises; computer-readable program code that is configured to authenticate the selected operably connected component to the security core; computer-readable program code that is configured to compute, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; computer-readable program code that is configured to hash, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; computer-readable program code that is configured to digitally sign, by the security core, the hashed data block for each segment using a private key of the security core; and computer-readable program code that is configured to provide the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream. - View Dependent Claims (4, 5)
-
-
11. A system for providing a secure, integrated device with dynamically selectable capabilities, comprising:
-
a security core which provides security functions; one or more components; means for operating the security core; means for establishing a secure, operable connection of the components to the security core;
such that the security core can vouch for authenticity of each securely operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; andmeans for securely performing a transaction using the secure integrated device, wherein the means for securely performing a transaction further comprises means for digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, and wherein the means for digitally notarizing further comprises; means for authenticating the selected operably connected component to the security core; means for computing, by the security core, a hash value over the output data stream; means for hashing, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; means for digitally signing, by the security core, the hashed data block using a private key of the security core; and means for providing the digitally signed hashed data block along with the combination as the digital notarization of the output data stream. - View Dependent Claims (12, 16)
-
-
13. A system for providing a secure, integrated device with dynamically selectable capabilities, comprising:
-
a security core which provides security functions; one or more components; means for operating the security core; means for establishing a secure, operable connection of the components to the security core, such that the security core can vouch for authenticity of each securely operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and means for securely performing a transaction using the secure integrated device, wherein the means for securely performing a transaction further comprises means for digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, and wherein the means for digitally notarizing further comprises; means for authenticating the selected operably connected component to the security core; means for computing, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; means for hashing, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; means for digitally signing, by the security core, the hashed data block for each segment using a private key of the security core; and means for providing the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream. - View Dependent Claims (14, 15, 17, 18, 19, 20)
-
-
21. A method of providing a secure, integrated device with dynamically selectable capabilities, comprising:
-
operating a security core which provides security functions; establishing a secure, operable connection of one or more components to the security core, such that the security core can vouch for authenticity of each secure operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and securely performing a transaction using the secure integrated device, wherein securely performing a transaction further comprises digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, wherein digitally notarizing further comprises; authenticating the selected operably connected component to the security core; computing, by the security core, a hash value over the output data stream; hashing, by the security core, a combination of (1) the hash value and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block; digitally signing, by the security core, the hashed data block using a private key of the security core; and providing the digitally signed hashed data block along with the combination as the digital notarization of the output data stream. - View Dependent Claims (22, 27)
-
-
23. A method of providing a secure, integrated device with dynamically selectable capabilities, comprising:
-
operating a security core which provides security functions; establishing a secure, operable connection of one or more components to the security core, such that the security core can vouch for authenticity of each secure operably connected component, wherein the security core and the operably connected components thereby comprise the secure integrated device; and securely performing a transaction using the secure integrated device, wherein securely performing a transaction further comprises digitally notarizing, by the security core, an output data stream created by a selected one of the operably connected components of the secure integrated device, wherein the digitally notarizing further comprises; authenticating the selected operably connected component to the security core; computing, by the security core, a hash value over each of a plurality of segments of the output data stream, wherein a boundary between segments is determined by an elapsed time value; hashing, by the security core, a combination of (1) the hash value for each segment and (2) the unique identifier of the selected operably connected component, thereby creating a hashed data block for each segment; digitally signing, by the security core, the hashed data block for each segment using a private key of the security core; and providing the digitally signed hashed data block for each segment along with the combination for each segment as the digital notarization of the segments which comprise the output data stream. - View Dependent Claims (24, 25, 26, 28, 29, 30)
-
Specification