System and method for securing data from a remote input device

US 8,295,484 B2
Filed: 12/09/2005
Issued: 10/23/2012
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method for secure handling of input data comprising:

receiving the input data at a first integrated security module in an input device;

storing the input data within a security boundary of the first integrated security module;

establishing a secure communications channel on a short range communications link between the first integrated security module in the input device and a second integrated security module in a processing component by exchanging a temporary cryptographic key;

encrypting the input data within the first integrated security module using the temporary cryptographic key; and

transmitting the encrypted input data to the second integrated security module in the processing component over the secure communications channel.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An input device with an integrated security module communicates with a processing component over an insecure medium. The insecure medium may be a wireless network, software stack, or the like. According to one embodiment, the security module is integrated into an existing chip of the input device. Data generated by the input device is encoded and/or authenticated by the security module prior its transmission to the processing device. The processing device receives the input data and processes it within its own security boundary for providing selected services or information to a user or application associated with the input device.

Citations

32 Claims

1. A method for secure handling of input data comprising:
- receiving the input data at a first integrated security module in an input device;
  
  storing the input data within a security boundary of the first integrated security module;
  
  establishing a secure communications channel on a short range communications link between the first integrated security module in the input device and a second integrated security module in a processing component by exchanging a temporary cryptographic key;
  
  encrypting the input data within the first integrated security module using the temporary cryptographic key; and
  
  transmitting the encrypted input data to the second integrated security module in the processing component over the secure communications channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 31, 32)
- - 2. The method of claim 1, wherein the establishing the secure communications channel includes generating an asymmetric key pair.
  - 3. The method of claim 2, wherein the asymmetric key pair includes a private key and a public key, wherein the private key is stored within the first integrated security module and the public key is exported to the processing component.
  - 4. The method of claim 2, wherein the asymmetric key pair is generated within the security boundary of the first integrated security module.
  - 5. The method of claim 2, wherein establishing the secure communications channel on the short range communications link includes establishing the secure communications channel using the asymmetric key pair.
  - 6. The method of claim 1, wherein establishing the secure communications channel includes generating a symmetric key.
  - 7. The method of claim 1, wherein the first integrated security module encrypts the input data using the symmetric key.
  - 8. The method of claim 1, wherein the input device is a sensor.
  - 9. The method of claim 1, wherein the short range communications link is a wireless link.
  - 10. The method of claim 1, wherein the short range communications link is a Bluetooth link.
  - 31. The method of claim 1, wherein the input device is bound to the processing component using input device identification information stored at the processing component.
  - 32. The method of claim 31, wherein the binding between the input device and the processing component enables the processing component to recognize the input device as an authorized input device.

11. A secure data processing system comprising:
- an input device including a first integrated security module configured to store input data within a security boundary of the first integrated security module; and
  
  a processing component, including a second integrated security module, coupled to the input device via a secure short range communications link established by exchanging a temporary cryptographic key with the input device, wherein the first integrated security module is configured to;
  
  encrypt the input data within the first integrated security module using the temporary cryptographic key, andtransmit the encrypted input data to the second integrated security module over the secure short range communications link.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, wherein an asymmetric key pair used for securing the input data includes a private key and a public key, and wherein the private key is stored within the first integrated security module and the public key is exported to the processing component.
  - 13. The system of claim 12, wherein the asymmetric key pair is generated within a security boundary provided by the first integrated security module.
  - 14. The system of claim 11, wherein the first integrated security module is configured to establish a secure communications channel on the short range communications link using an asymmetric key pair.
  - 15. The system of claim 11, wherein the input device is configured to establish a secure communications channel on the short range communications link using a symmetric key.
  - 16. The system of claim 11, wherein the first integrated security module is configured to encrypt the input data based on the symmetric key.
  - 17. The system of claim 11, wherein the input device is a sensor.
  - 18. The system of claim 11, wherein the short range communications link is a wireless link.

19. A secure data processing system comprising:
- an input device, including a first integrated security module, configured to;
  
  receive input data, andstore the input data within a security boundary of the first integrated security module of the input device, wherein the first integrated security module is configured to encrypt the input data within the first integrated security module using a temporary cryptographic key; and
  
  a transmitter configured to;
  
  establish, by exchanging the temporary cryptographic key with a processing component, a short range communications link with the processing component, andtransmit the encrypted input data to the processing component.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19, wherein the input device is configured to secure the input data based on an asymmetric key pair.
  - 21. The system of claim 20, wherein the asymmetric key pair includes a private key and a public key, wherein the private key is stored within the first integrated security module and the public key is exported to the processing component.
  - 22. The system of claim 20, wherein the asymmetric key pair is generated within a security boundary provided by the first integrated security module.
  - 23. The system of claim 20, wherein the first integrated security module is configured to establish a secure communications channel on the short range communications link using the asymmetric key pair.
  - 24. The secure data processing system of claim 19, wherein the input device is configured to establish a secure communications channel on the short range communications link using a symmetric key.
  - 25. The secure data processing system of claim 19, wherein the first integrated security module is configured to encrypt the input data using the symmetric key.
  - 26. The secure data processing system of claim 19 further comprising a sensor for receiving user identification information.
  - 27. The secure data processing system of claim 19, wherein the short range communications link is a wireless link.

28. A method for secure handling of input data comprising:
- receiving the input data at a first integrated security module in an input device;
  
  storing the input data within a security boundary of a first integrated security module of the input device;
  
  establishing, by exchanging a temporary cryptographic key with a processing component, a secure communications channel on a short range communications link between the first integrated security module in the input device and a second integrated security module in the processing component;
  
  encrypting the input data within the first integrated security module using the temporary cryptographic key; and
  
  transmitting the encrypted input data to the second integrated security module in the processing component over the secure communications channel, wherein the input device is bound to the processing component using input device identification information stored at the processing component during manufacturing of the processing component.
- View Dependent Claims (29, 30)
- - 29. The method of claim 28, further comprising exporting a first cryptographic key to the processing component, wherein the first cryptographic key is a public portion of an asymmetric key.
  - 30. The method of claim 29, further comprising:
    - securely providing to the input device a second cryptographic key using the first cryptographic key, wherein the second cryptographic key is a symmetric key; and
      
      encrypting the input data using the second cryptographic key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NXP B.V. (NXP Semiconductors NV)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark, Frank, Ed
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US11/298,153
Publication Number

US 20060133604A1
Time in Patent Office

2,510 Days
Field of Search

380/255, 380/285, 380/28, 380/30, 726/9, 713/150
US Class Current

380/255
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/045   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 9/0877   using additional device, e....

System and method for securing data from a remote input device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing data from a remote input device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links