System for providing a trustworthy user interface
Abstract
The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
Claims (36; independent claims 1, 5, 22, 25 and 36 reproduced below)
1. A data processing system capable of operating in a trusted operating mode, the data processing system comprising:

main processing means for executing at least one application process; a trusted component comprising means for executing a trusted process in a trusted operating mode, means for mutually authenticating the trusted component with a user, means for acquiring trusted seal data associated with the user from a removable secure token having a secure token reader for reading data from and/or writing data to the removable secure token, and means for generating user feedback signals; at least one user feedback device; and user feedback processing means for receiving said user feedback signals and controlling the user feedback device on the basis of the signals, wherein the trusted component comprises means for controlling the user feedback processing means to cause the user feedback device to provide an indication, using the trusted seal data, that the data processing system is operating in a trusted operating mode.

[Dependent claims 2, 3 and 4 not reproduced here.]
5. A data processing system capable of operating in a trusted operating mode, the data processing system comprising:

main processing means for executing at least one application process and for generating signals characterising a main image to be displayed; a trusted component comprising means for executing a trusted process in a trusted operating mode and means for mutually authenticating the trusted component with a computing entity trusted by a user; display processing means for receiving said signals and generating respective display signals for driving a visual display unit to display the main image, wherein the trusted component comprises means to acquire from a computing entity trusted by a user trusted image data associated with the user and means to control the display processing means using the trusted image data, in order to indicate to the user that the data processing system is operating in the trusted operating mode, the computing entity being a removable secure token having a secure token reader for reading data from and/or writing data to the removable secure token.

[Dependent claims 6 to 21 not reproduced here.]
22. A computer platform capable of operating in a trusted operating mode, the computer platform comprising:

a main processor programmed to execute at least one application process and for generating signals characterising a main image to be displayed; a trusted component protected against unauthorised modification comprising a trusted component processor programmed to execute a trusted process in a trusted operating mode and means for mutually authenticating the trusted component with a computing entity trusted by a user; a display processor for receiving said signals and generating respective display signals for driving a visual display unit to display the main image, wherein the trusted component processor is programmed to acquire from a computing entity trusted by a user trusted image data associated with the user and to control the display processor, using the trusted image data, in order to indicate to the user that the computer platform is operating in the trusted operating mode, the computing entity being a removable secure token having a secure token reader for reading data from and/or writing data to the removable secure token.

[Dependent claims 23 and 24 not reproduced here.]
25. A method of providing a trusted user interface in a data processing system comprising a main processor and a trusted component containing a trusted component processor protected from unauthorised modification, the method comprising:

the main processor running an application process to generate main image data and sending the main image data to a display processing system; the trusted component mutually authenticating itself with a computing entity trusted by a user; the trusted component processor operating a trusted process and acquiring from the computing entity trusted image data associated with the user, the computing entity being a removable secure token having a secure token reader for reading data from and/or writing data to the removable secure token; the trusted component processor controlling the output of the display processing system such that it comprises a combination of the trusted image data and the main image data so as to indicate to the user that the data processing system is operating in a trusted mode associated with the trusted process.

[Dependent claims 26 to 35 not reproduced here.]
36. A method for a computing entity comprised of a removable secure token having a secure token reader for reading data from and/or writing data to the removable secure token, the computing entity being trusted by a user to establish a demonstrably authenticated connection with that user, the method comprising the computing entity:

holding trusted image data identified as being associated with that user; conducting a mutual authentication process with a computing apparatus used by the user; and if the mutual authentication process has a satisfactory result, providing the trusted image data to the computing apparatus used by the user for display to the user to demonstrate that a connection to the computing entity trusted by the user exists.
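The following Python model is an added, constructed illustration of the behaviour claimed above; it is not code from the patent or from any product implementing it. It covers the token-side protocol of claim 36 (hold the seal, mutually authenticate, release the seal only on success) and the display control described in the abstract (composite the seal over the main image only in trusted mode, lock video memory while signing the displayed document bitmap). The shared secret, the HMAC challenge-response used as the mutual authentication primitive, the keyed signature over the bitmap, the `SecureToken`, `VideoMemory` and `TrustedComponent` names and the 2x2 seal are all assumptions made for the example; the claims specify the functions, not the primitives.

```python
"""Constructed model of the trusted-seal protocol (claim 36) and trusted
display control (abstract). All keys, nonces, bitmaps and the HMAC-based
authentication are assumptions chosen for illustration."""
import hashlib
import hmac
import os

TAG_TOKEN = b"token-proof"  # domain separation so proofs cannot be replayed across roles
TAG_HOST = b"host-proof"


def _proof(key: bytes, tag: bytes, nonce: bytes) -> bytes:
    """Keyed proof of possession of the shared key over a fresh nonce."""
    return hmac.new(key, tag + nonce, hashlib.sha256).digest()


class SecureToken:
    """Removable token holding the user's seal image (claim 36)."""

    def __init__(self, key: bytes, seal: list):
        self._key = key
        self._seal = seal
        self._nonce = None

    def respond(self, host_nonce: bytes) -> tuple:
        """Answer the host's challenge and issue our own challenge."""
        self._nonce = os.urandom(16)
        return _proof(self._key, TAG_TOKEN, host_nonce), self._nonce

    def release_seal(self, host_proof: bytes):
        """Hand over the seal only if the host answered our challenge; nonce is single use."""
        if self._nonce is None:
            return None
        ok = hmac.compare_digest(_proof(self._key, TAG_HOST, self._nonce), host_proof)
        self._nonce = None
        return self._seal if ok else None


class VideoMemory:
    """Frame buffer the main processor normally writes to; lockable by the trusted component."""

    def __init__(self, rows: int, cols: int):
        self.frame = [["." for _ in range(cols)] for _ in range(rows)]
        self.locked = False

    def write_from_application(self, image: list) -> bool:
        if self.locked:
            return False  # application writes are refused while a document is being signed
        self.frame = [row[:] for row in image]
        return True


class TrustedComponent:
    """Stand-in for the trusted display processor: authenticates, overlays, signs."""

    def __init__(self, key: bytes, signing_key: bytes, vram: VideoMemory):
        self._key = key
        self._signing_key = signing_key
        self.vram = vram
        self.seal = None  # set only by a successful mutual authentication

    def authenticate(self, token: SecureToken) -> bool:
        host_nonce = os.urandom(16)
        token_proof, token_nonce = token.respond(host_nonce)
        if not hmac.compare_digest(_proof(self._key, TAG_TOKEN, host_nonce), token_proof):
            return False  # token failed to prove it holds the shared key
        seal = token.release_seal(_proof(self._key, TAG_HOST, token_nonce))
        if seal is None:
            return False  # token rejected our proof and withheld the seal
        self.seal = seal
        return True

    def render(self) -> list:
        """Composite the seal over the main image; without a seal the frame is shown unchanged."""
        out = [row[:] for row in self.vram.frame]
        if self.seal is not None:
            for r, seal_row in enumerate(self.seal):
                for c, px in enumerate(seal_row):
                    out[r][c] = px
        return out

    def sign_document(self, document: list) -> bytes:
        """Lock video memory, place the document there directly, and sign exactly what is shown."""
        self.vram.locked = True
        try:
            self.vram.frame = [row[:] for row in document]  # trusted write bypasses the lock
            bitmap = "\n".join("".join(row) for row in self.vram.frame).encode()
            return hmac.new(self._signing_key, bitmap, hashlib.sha256).digest()
        finally:
            self.vram.locked = False
```

The point the model makes visible is that the seal never reaches the frame buffer unless both proofs verify, so an application process that only controls the main image has no path to the seal pixels, and the signature is computed over the locked frame rather than over data the application could still be rewriting.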