System for providing secure and trusted computing environments through a secure computing module

US 7,734,933 B1
Filed: 06/17/2005
Issued: 06/08/2010
Est. Priority Date: 06/17/2005
Status: Active Grant

First Claim

Patent Images

1. A system for providing a trusted COTS computing environment for an untrusted host, comprising:

a first subsystem including authenticated applications software and authenticated operating systems;

a second subsystem for managing and controlling I/O paths to said system, wherein said second subsystem includes a processor for maintaining secure partitions for memory and I/O resources, a plurality of I/O channels, a cryptographic engine, and a secure local memory; and

a trusted agent communicatively coupled to said second subsystem, said trusted agent providing a secure path between an input device and an output device of said untrusted host and said system, said trusted agent residing on said untrusted host,wherein said first subsystem is cleansed and then stored on said secure local memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a system for providing a trusted environment for untrusted computing systems. The system may include a HAC subsystem managing shared resources and a trusted bus switch for controlling a COTS processor to access the shared resources. The shared resources such as memory and several I/O resources reside on the trusted side of the trusted bus switch. Alternatively, the system may include a SCM as an add-on module to an untrusted host environment. Only authenticated applications including COTS OS execute on the SCM while untrusted applications execute on the untrusted host environment. The SCM may control secure resource access from the untrusted host through a plug-in module interface. All secure resources may be maintained on the trusted side of the plug-in module interface.

Citations

38 Claims

1. A system for providing a trusted COTS computing environment for an untrusted host, comprising:
- a first subsystem including authenticated applications software and authenticated operating systems;
  
  a second subsystem for managing and controlling I/O paths to said system, wherein said second subsystem includes a processor for maintaining secure partitions for memory and I/O resources, a plurality of I/O channels, a cryptographic engine, and a secure local memory; and
  
  a trusted agent communicatively coupled to said second subsystem, said trusted agent providing a secure path between an input device and an output device of said untrusted host and said system, said trusted agent residing on said untrusted host,wherein said first subsystem is cleansed and then stored on said secure local memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system as described in claim 1, wherein said trusted agent provides virtual input device and output devices for said first and second subsystems by utilizing said input and output devices of said untrusted host.
  - 3. The system as described in claim 1, wherein said first subsystem and said second subsystem are coupled through a virtual I/O path.
  - 4. The system as described in claim 1, wherein said plurality of I/O channels include an I/O channel coupled to a secured network.
  - 5. The system as described in claim 1, wherein said plurality of I/O channels include an I/O channel coupled to said secure local memory.
  - 6. The system as described in claim 1, wherein said second subsystem further comprises a secure network interface module.
  - 7. The system as described in claim 1, wherein said trusted agent is loaded on said untrusted host during an initialization phase of said system.
  - 8. The system as described in claim 7, wherein said trusted agent is loaded in a plug and play fashion.
  - 9. The system as described in claim 7, wherein said trusted agent is configured to ensure zeroization of said untrusted host.
  - 10. The system as described in claim 1, wherein said first subsystem is encrypted after being cleansed.
  - 11. The system as described in claim 1, wherein said stored first subsystem is loaded with said second subsystem during an initialization phase.
  - 12. The system as described in claim 11, wherein said first subsystem includes authenticated code and data used for a running a COTS application.
  - 13. The system as described in claim 1, wherein said processor of said second subsystem manages an untrusted host interface through predetermined security policies.
  - 14. The system as described in claim 1, wherein said secure local memory employs a cryptographic engine.
  - 15. The system as described in claim 1, wherein said authenticated applications software is COTS.
  - 16. The system as described in claim 1, wherein said authenticated operating systems are COTS.

17. A secure system, comprising:
- a secure computing module, the secure computing module including;
  
  a first subsystem including authenticated applications, data and code associated with said authenticated applications and authenticated operating systems, anda second subsystem for controlling each I/O path of said secure computing module, said second subsystem including;
  
  a trusted processor, the trusted processor configured for maintaining secure partitions for memory and I/O resources;
  
  a plurality of I/O channels;
  
  a cryptographic engine; and
  
  a local storage;
  
  a host interface module communicatively coupled to the secure computing module via said second subsystem of said secure computing module, said host interface module configured for interfacing between an untrusted host environment and a trusted environment; and
  
  a secure wireless module, said processor of said second subsystem providing a secured wireless interface through said cryptographic engine and said secure wireless module, said host interface module residing on said untrusted environment and said first subsystem and said second subsystem residing on a trusted environment, said first subsystem being cleansed and stored on the local storage.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 18. The secure system as described in claim 17, wherein said first subsystem and said second subsystem are communicatively coupled though virtual I/O paths.
  - 19. The secure system as described in claim 17, wherein said operating systems are embedded COTS operating systems.
  - 20. The secure system as described in claim 17, wherein said secure computing module allows only authenticated applications to run on said trusted environment.
  - 21. The secure system as described in claim 17, wherein said first subsystem is cleansed and then stored on said local storage.
  - 22. The secure system as described in claim 21, wherein said first subsystem is encrypted after being cleansed.
  - 23. The secure system as described in claim 21, wherein said stored first subsystem on said local storage is loaded during an initialization phase of said secure computing module.
  - 24. The secure system as described in claim 22, wherein said first subsystem is decrypted and loaded during an initialization phase of said secure computing module.
  - 25. The secure system as described in claim 17, wherein said second subsystem further includes a Field-Programmable Gate Array coupled to said host interface module.
  - 26. The secure system as described in claim 17, wherein said host interface module includes a Compact Flash interface module.
  - 27. The secure system as described in claim 17, wherein said host interface module includes a Universal Serial Bus interface module.
  - 28. The secure system as described in claim 17, wherein said Secure Computing Module is an add-on module to an untrusted host platform in said untrusted host environment.
  - 29. The secure system as described in claim 17, wherein said host interface module includes a PCMCIA module.
  - 30. The secure system as described in claim 17, wherein said secure computing module is suitable for being packaged in a form factor suitable for portable devices.
  - 31. The secure system as described in claim 30, wherein said portable devices includes a PDA device.

32. A secure system, comprising:
- means for providing an authenticated subsystem, said authenticated subsystem including applications, data and code associated with said applications, and embedded operating systems;
  
  means for controlling each I/O path of said secure system, said controlling means including;
  
  means for maintaining secure partitions for memory and I/O resources;
  
  means for encrypting and decrypting information; and
  
  means for storing said authenticated subsystem and said encrypted information;
  
  means for creating a secure I/O path for untrusted host input and output devices;
  
  means for interfacing between an untrusted host platform and said secured system, wherein said means for creating a secure I/O path is located on said untrusted host platform,wherein said authenticated subsystem is cleansed and then stored on said storing means.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The secure system as described in claim 32, wherein said authenticated subsystem is encrypted after being cleansed.
  - 34. The secure system as described in claim 33, wherein said stored authenticated subsystem is decrypted and loaded during an initialization phase.
  - 35. The secure system as described in claim 32, wherein said creating a secure I/O path means utilizes input and output devices of said untrusted host platform to provide virtual input and output devices for said secure system.
  - 36. The secure system as described in claim 32, wherein each I/O path of said secure system is configured to go through said controlling I/O means.
  - 37. The secure system as described in claim 32, wherein said creating a secure I/O means ensures zeroization of said untrusted host.
  - 38. The secure system as described in claim 32, wherein said creating a secure I/O means includes software acting as a trusted agent for said secure system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Original Assignee
Rockwell Collins, Inc. (Rtx Corporation)
Inventors
Koenck, Steven E., Hardin, David S., Mass, Allen P., Kamin, Raymond A. III, Marek, James A.
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
Lemma; Samson B

Application Number

US11/156,244
Time in Patent Office

1,817 Days
Field of Search

713/193, 713/164, 726/2, 726/17
US Class Current

713/193
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 21/85   interconnection devices, e....

G06F 2221/2153   Using hardware token as a s...

System for providing secure and trusted computing environments through a secure computing module

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing secure and trusted computing environments through a secure computing module

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links